About the Role

Title: Cybersecurity Risk Analyst

Location: Remote, US

Job Description:

Join PatientPoint to be part of a dynamic team committed to empowering better health. As a leading digital health company, we innovate to positively impact patient behaviors. Our purpose-driven approach offers an inspirational career opportunity where you can contribute to improving health outcomes for millions of patients nationwide.

Location: Remote

Travel Requirements: Less than 10%

Job Summary 
The Cybersecurity Risk Analyst is responsible for identifying, assessing, and mitigating security risks that could impact the organization’s data, systems, and operations. This role involves developing risk management strategies, ensuring compliance with security standards, and collaborating with cross-functional teams to strengthen the organization’s security posture. The Cybersecurity Risk Analyst is responsible for leading PatientPoint’s Risk team.

What You’ll Do

Risk Management & Assessment

  • Identify, analyze, and evaluate cybersecurity risks related to the organization’s IT infrastructure, applications, and third-party vendors.
  • Develop and implement cybersecurity risk management frameworks, policies, and procedures.
  • Conduct regular security risk assessments, audits, and penetration testing to detect vulnerabilities in collaboration with the Cybersecurity team.
  • Maintain and update risk registers, ensuring timely mitigation of identified risks.

Compliance & Governance

  • Ensure compliance with industry regulations and frameworks such as NIST, ISO 27001, GDPR, CMMC, HIPAA, or SOC 2.
  • Develop and enforce policies related to data protection, access control, and risk mitigation.
  • Conduct internal security audits and prepare for external audits to meet regulatory requirements.
  • Provide governance support for cybersecurity policies, ensuring alignment with business objectives.

Incident Response & Mitigation

  • Lead response efforts for security incidents, including investigations, containment, and recovery.
  • Develop and refine cybersecurity incident response plans (CSIRPs).
  • Collaborate with IT and security teams to ensure timely resolution of vulnerabilities.
  • Conduct post-incident reviews and implement lessons learned to improve security resilience.

Collaboration & Communication

  • Work with IT, compliance, and business teams to integrate cybersecurity risk management into overall business strategies.
  • Educate and train employees on security best practices, policies, and threat awareness.
  • Provide executive-level reports on cybersecurity risks, incidents, and mitigation efforts.
  • Serve as the liaison between the organization and external cybersecurity auditors, vendors, and regulatory agencies.

Technology & Continuous Improvement

  • Stay up to date with emerging cyber threats, vulnerabilities, and industry trends as they relate to organizational risk.
  • Recommend enhancements to security controls, policies, and procedures.

What We Need

  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field
  • 5+ years of experience in cybersecurity, risk management, or IT security.
  • Hands-on experience in risk assessment methodologies, cybersecurity frameworks, and compliance management.
  • Familiarity with cloud security, network security, and data protection strategies.

Desired Qualifications

  • CISSP, CISM, CRISC, or CEH certifications

What You’ll Need to Succeed

  • Strong analytical and problem-solving skills.
  • Excellent understanding of risk management principles and cybersecurity frameworks.
  • Proficiency in security tools and technologies.
  • Effective communication and stakeholder management skills.
  • Ability to work under pressure and manage multiple security initiatives.
