Risk Management Associate

The Risk Management Associate provides support for continued management of corporate information systems risk under the scope of the company's Information Security program and other in-scope operations; prioritize identified gaps, threats, and vulnerabilities; and assist with reporting findings to Executive Management.  Contribute to ongoing efforts to treat identified risks and continuous improvement of the risk management plan. Provide support for Vendor Risk Management efforts to assess the security posture of prospective and current vendors.  Conduct and provide assistance with Information Security Investigations.

These Goals and objectives are not to be construed as a complete statement of all duties performed; employees will be required to perform other job-related duties as required.  Goals and objectives are subject to change.

All activities must be in compliance with Equal Employment Opportunity laws, HIPAA, ERISA and other regulations, as appropriate. 

Essential Functions: In addition to working as prescribed in our Performance Factors specific responsibilities of this role include:

• Maintain individual profiles for each identified corporate risk.
• Send preliminary security questionnaires to prospective vendors.
• Send security questionnaires to active vendors as part of routine maintenance.
• Assist with the handling of client security assessment requests.
• Conduct Information Security investigations as assigned.
• Collaborate, as needed, with the Internal Audit and Cyber Security teams for various Risk and Information Security investigation tasks.
• Maintain the quarterly Information Security investigation inventory.
• Provide overall assistance to the Risk Management Consultant.
• Stay up-to-date on relevant regulations and industry standards, such as HIPAA, ISO 27001, and PCI-DSS, ensuring that compliance efforts reflect the latest requirements.

Minimum Requirements:

Education/Experience/Certification Requirements

• Bachelor’s degree (preferred) or equivalent experience in Business, Information Technology, Compliance, or related fields.
• Excellent communication (written and oral) and interpersonal skills.
• Strong organizational, multi-tasking, and time-management skills.
• Conceptual knowledge of risk identification and risk analysis
• Must be detail-oriented and able to follow through on issues to resolution.
• Must be able to act both independently and as a team member.
• Competence with Microsoft Office Suite (Excel, Word, and Teams).

Preferred Qualifications:

• Familiarity with regulatory standards such as HIPAA, ISO 27001, and PCI-DSS, ensuring that compliance efforts reflect the latest requirements.
• Ability to communicate effectively with employees in other business units, especially those in more technical functional areas.
• Proficiency in Microsoft Office Suite (Excel, Word, and Teams).