View all jobs
Security Assessment Analyst
Seattle, WAPosition: Security Assessment Analyst
Number of openings: 2
Type: Contract
Duration: 8 months
Industry: Healthcare
DevSelect has a local client looking to fill 2 positions on their Security team for 8 months. Below is a description and skills list for the desired candidates:
Number of openings: 2
Type: Contract
Duration: 8 months
Industry: Healthcare
DevSelect has a local client looking to fill 2 positions on their Security team for 8 months. Below is a description and skills list for the desired candidates:
Conducting Express Assessments
Express Assessments are simple yes/no questionnaires designed to quickly assess a system's compliance with the 100 HITRUST Common Security Framework (CSF) controls that directly align with HIPAA and HITECH regulations. Assessors will be expected to complete the following tasks:
· Identify inherited organizational controls and likely threats based on a system's Environment Survey
· Guide system owners and administrators through completion of the Express Assessment Questionnaire in face-to-face interviews
· Identify control gaps between implemented or planned controls and required controls
· Record findings in the risk registry
· Assemble reports using standardized risk statements and mitigation recommendations
· Present findings to system owners and administrators
Deliverables:
· Three Express Assessments completed each week
Conducting Standard Assessments
Standard Assessments are an extension of the Express Assessment process that requires the system owner or administrator to document implemented or planned controls. Control documentation is evaluated by the assessor against the 100 HITRUST CSF controls that directly align with HIPAA and HITECH regulations. Assessors will be expected to complete the following tasks:
· Identify inherited organizational controls and likely threats based on a system's Environment Survey
· Guide system owners and administrators through completion of the Express Assessment Questionnaire in face-to-face interviews
· Assist system owners in documenting implemented or planned controls
· Assess documented controls to determine if they are sufficient to mitigate risk
· Write risk statements and mitigation recommendations
· Record findings in the risk registry
· Write reports in the standard format
· Present findings to system owners and administrators
· Track findings and mitigation plans
Deliverables:
· One Standard Assessment completed each week
Required skills
· Experience conducting risk assessments
· Thorough understanding of HITRUST CSF, NIST RMF, and/or ISO ISMS
· Excellent oral and written communication skills
· Ability to communicate and work with technical and non-technical people
· Ability to work with minimal supervision
Desired skills
· Experience working in academic healthcare
· SharePoint design/development
· Experience developing or managing Linux, Windows, and/or healthcare applications