Cybersecurity Risk Analyst

Location: Cincinnati or Remote

Travel Requirements: Less than 10%

Job Summary 
The Cybersecurity Risk Analyst is responsible for identifying, assessing, and mitigating security risks that could impact the organization's data, systems, and operations. This role involves developing risk management strategies, ensuring compliance with security standards, and collaborating with cross-functional teams to strengthen the organization's security posture.  Cybersecurity Risk Analyst is responsible for leading PatientPoint’s Risk team.

What You’ll Do

Risk Management & Assessment

• Identify, analyze, and evaluate cybersecurity risks related to the organization's IT infrastructure, applications, and third-party vendors.
• Develop and implement cybersecurity risk management frameworks, policies, and procedures.
• Conduct regular security risk assessments, audits, and penetration testing to detect vulnerabilities in collaboration with Cybersecurity team.
• Maintain and update risk registers, ensuring timely mitigation of identified risks.

Compliance & Governance

• Ensure compliance with industry regulations and frameworks such as NIST, ISO 27001, GDPR, CMMC, HIPAA, or SOC 2.
• Develop and enforce policies related to data protection, access control, and risk mitigation.
• Conduct internal security audits and prepare for external audits to meet regulatory requirements.
• Provide governance support for cybersecurity policies, ensuring alignment with business objectives.

Incident Response & Mitigation

• Lead response efforts for security incidents, including investigations, containment, and recovery.
• Develop and refine cybersecurity incident response plans (CSIRPs).
• Collaborate with IT and security teams to ensure timely resolution of vulnerabilities.
• Conduct post-incident reviews and implement lessons learned to improve security resilience.

Collaboration & Communication

• Work with IT, compliance, and business teams to integrate cybersecurity risk management into overall business strategies.
• Educate and train employees on security best practices, policies, and threat awareness.
• Provide executive-level reports on cybersecurity risks, incidents, and mitigation efforts.
• Serve as the liaison between the organization and external cybersecurity auditors, vendors, and regulatory agencies.

Technology & Continuous Improvement

• Stay up to date with emerging cyber threats, vulnerabilities, and industry trends as it relates to organizational risk.
• Recommend enhancements to security controls, policies, and procedures.

What We Need

• Bachelor's or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field
• 5+ years of experience in cybersecurity, risk management, or IT security.
• Hands-on experience in risk assessment methodologies, cybersecurity frameworks, and compliance management.
• Familiarity with cloud security, network security, and data protection strategies.

Desired Qualifications

• CISSP, CISM, CRISC, or CEH certifications

What You'll Need to Succeed

• Strong analytical and problem-solving skills.
• Excellent understanding of risk management principles and cybersecurity frameworks.
• Proficiency in security tools and technologies.
• Effective communication and stakeholder management skills.
• Ability to work under pressure and manage multiple security initiatives.

Base Salary Band: 79,579.60 - $127,999.00
Compensation: At PatientPoint, we are committed to providing competitive pay and benefits that are in line with industry standards. We analyze and carefully consider several factors when determining compensation, including skills, qualifications, geographic location, and professional experience, which can cause your compensation to vary. The base salary range listed is just one component of PatientPoint’s total compensation package for employees. For additional details on our total benefits package, please review the section “About PatientPoint” at the end of this job description.