PacificSource Health Plans

  • Information Security Risk Analyst

    Job Location US-OR-Springfield
    Job ID
    Regular Full-Time
    Hiring Pay Range
    # of Openings
  • Overview

    Coordinate and support the information security risk identification and management process across the organization.  Responsible for the implementation, coordination, maintenance and improvement of the information security risk management program.  Responsibilities include collaborating with appropriate stakeholders to coordinate and conduct risk assessments, appropriately documenting and managing identified risks to an acceptable level, monitoring progress and providing regular updates to leadership.  Make recommendations for mitigations, corrective action plans, projects and strategic initiatives, to manage risk to an acceptable level.  Coordinate and drive strategic information security governance and compliance activities.


    1. Coordinate, conduct, and support risk assessments to identify, evaluate, and address information security risks.
    2. Develop, standardize, manage, and improve the information security risk management process, to include the coordination of risk assessments, aggregation of assessment results, corrective action plans and reporting.
    3. Manage and coordinate Information Security compliance activities, to include achievement of HITRUST Alliance certification and PCI DSS compliance.
    4. Coordinate and manage the 3rd Party Risk and Vendor Risk Management (VRM) program.
    5. Successfully track, coordinate, project manage and drive remediation activities across teams within the organization.
    6. Educate, assist and guide stakeholders through the risk management process.
    7. Manage assigned projects according to life cycle (define, plan, execute, control).
    8. Maintain the information security risk register and other assigned information security tools.
    9. Develop and manage schedule, timelines, activities, and milestones.
    10. Actively contribute and support the information security and organizational objectives.


    Supporting Responsibilities:

    1. Meet department and company performance and attendance expectations.
    2. Follow the PacificSource privacy policy and HIPAA laws and regulations concerning confidentiality and security of protected health information.
    3. Ensure compliance with standards, policies, procedures, requirements, and regulations.
    4. Pilot new hardware and/or software and determine capabilities and/or limitations.
    5. Perform other duties as assigned.


    Work Experience:  Minimum of 3 years of experience in information technology and/or information security, risk management or compliance.  Experience in risk and compliance management and process development in the areas of information technology and security required.  Recent hands-on work experience with at least one of the following frameworks: HITRUST CSF, ISO 27001, ISO 27005, ISO 31009, and NIST SP800-30 preferred.  Direct governance, risk, and compliance experience strongly preferred.  Leading, coordinating or managing projects in a complex enterprise environment is preferred.


    Education, Certificates, Licenses: Bachelor's degree in Risk Management, Finance, Business or related field is strongly preferred.  Has training in and/or is pursuing certifications in the areas of information security, project management and technology auditing, including CISSP, CRISC, CTPRP, CISM, CGEIT, CISA, GIAC GSEC, and/or PMP.


    Knowledge: Solid understanding of common risk assessment and management methodologies.

    Strong knowledge of information security including a basic understanding of Third Party Risk Management, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, HITRUST, OCTAVE, and ISO 27000 series necessary.  Customer service oriented, with a commitment to establishing and maintaining positive and healthy working relationships.



    Our Values

    • Adaptability
    • Building Customer Loyalty
    • Building Strategic Work Relationships
    • Building Trust
    • Continuous Improvement
    • Contributing to Team Success
    • Planning and Organizing
    • Work Standards



    • We are committed to doing the right thing.
    • We are one team working toward a common goal.
    • We are each responsible for our customers’ experience.
    • We practice open communication at all levels of the company to foster individual, team and company growth.
    • We actively participate in efforts to improve our communities, internal and external.
    • We encourage creativity, innovation, continuous improvement, and the pursuit of excellence.




    Environment: Work inside in a general office setting with ergonomically configured equipment. Position may require travel, which is not expected to exceed 5% of the time.


    Physical Requirements: Stoop and bend. Sit and/or stand for extended periods of time while performing core job functions.  Repetitive motions to include typing, sorting and filing. Light lifting and carrying of files and business materials. Ability to read and comprehend both written and spoken English. Communicate clearly and effectively.


    Disclaimer: This job description indicates the general nature and level of work performed by employees within this position and is subject to change. It is not designed to contain or be interpreted as a comprehensive list of all duties, responsibilities, and qualifications required of employees assigned to this position. Employment remains AT-WILL at all times.


    PacificSource is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status, such as race, religion, color, national origin, sex, sexual orientation, gender identity or age.





