The Information Security Risk Analyst is responsible for assisting with and performing information security risk management activities. The successful candidate will ensure the effectiveness of Clarius’s Information Security Program, related primarily to the Clarius Cloud (mainly software/application/network security). Oversight may also extend to procedural security aspects, such as enforcing the password policy and the clear desk/clear screen policy, and, in general, to Information Security Risk Assessments. This position will report directly to the Head of the QA/RA team and will support or perform a variety of risk assessment activities, some of which are as follows:
- Support ongoing due diligence of the Clarius Cloud and other software infrastructure
- Support regular information security risk assessments/audits.
- Make recommendations for minimizing security threats while maintaining overall performance/usability.
- Support assessment of new products/services as required due to risk or regulation.
- Handle highly confidential and sensitive information.
- Other duties as assigned.
Education and Training
- Bachelor’s Degree in Accounting, Finance, Business Administration, or a related discipline from an accredited college or university, or equivalent experience.
- Two (2) years of experience in audit/compliance/risk, information security audit/risk management or information security; application security experience preferred.
Required Qualifications and Experience
- Ability to exercise good judgment in evaluating situations and making decisions
- Effective interpersonal skills with the ability to relate to all levels of management
- Ability to thrive in an environment of change and manage multiple tasks and responsibilities simultaneously
- Excellent written and verbal communication, organizational, problem solving, and decision-making skills
- Strong organizational and planning skills
- Strong knowledge and understanding of risk and controls
- Strong analytical/quantitative skills
- Ability to be a logical thinker
- Ability to deal with and meet tight deadlines with limited resources
Desirable Qualifications and Experience
- Bachelor’s Degree in Management Information Systems, Accounting Information Systems, Computer Science or a related discipline from an accredited college or university, OR equivalent experience.
- One of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other certification / accreditation
- Familiarity with legal obligations (e.g., HIPAA) to protect personal health information and associated best practices
- Familiarity with software/application/information security risk assessments and certifications such as HITRUST and MyCSF
- Proficiency in identifying and assessing Information Security risk and development of appropriate strategies to mitigate risk
- Understanding of standards and frameworks such as Committee of Sponsoring Organizations of the Treadway Commission (COSO), Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization (ISO 27001), National Institute of Standards and Technology (NIST), and Information Technology Infrastructure Library (ITIL)
- Understanding of information security regulatory requirements
- Knowledge of the health/ultrasound/medical devices industry
- Understanding of and practical experience with information security risk assessment and information security audits
What We Offer
- Competitive base salary (commensurate with experience and education)
- Comprehensive benefits package
- Flexible working environment
- Opportunities for career advancement within the company
Please submit resume and cover letter no later than January 18, 2017 to email@example.com.
We thank all applicants for their interest; however, only those selected for interviews will be contacted.