Information Security Risk Analyst - Senior (REMOTE)
Location:
Raleigh, NC, US
Company:
Serigor Inc. is a consulting firm specializing in risk management and information security solutions.
Summary:
The applicant will lead the annual enterprise security risk assessment while ensuring compliance and preparing for HITRUST certification. Required experience includes a strong background in cybersecurity and familiarity with NIST frameworks.
Requirements:
Experience:
- 5 years in IT risk management, cybersecurity, or information security assessment
- 5 years knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework
- 5 years experience performing security and privacy risk assessments
- 5 years familiarity with HIPAA security and privacy rules
- 5 years experience with HITRUST CSF alignment or certification preparation
- 5 years strong written and verbal communication skills
Job Description:
Job Title: Information Security Risk Analyst - Senior (REMOTE)
Location: Raleigh, NC
Duration: 12+ Months
Job Description:
- The Client is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.
- This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, and positions the client for future HITRUST certification.
- Plan and conduct the client's annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
- Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
- Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
- Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
- Map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
- Develop and deliver documentation, dashboards, and executive summaries.
- Collaborate with internal stakeholders to validate findings and support security governance efforts.
Skills:
Skill | Required/Desired | Amount of Experience |
Experience in IT risk management, cybersecurity, or information security assessment. | Highly Desired | 5 Years |
Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework. | Highly Desired | 5 Years |
Experience performing security and privacy risk assessments with documentation aligned to federal and state standards. | Highly Desired | 5 Years |
Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains. | Highly Desired | 5 Years |
Experience with HITRUST CSF alignment or certification preparation. | Highly Desired | 5 Years |
Strong written and verbal communication skills for technical and executive audiences. | Highly Desired | 5 Years |