Top Three Skills:
1) Conduct Information Risk Assessments as assigned to the team. Request and analyze documentation necessary to perform appropriate assessment and conduct necessary interviews in order to collect and review relevant materials necessary to produce results of the assessment.
2) Clearly and concisely document and communicate risk assessment results with requestor, security architects and management, as appropriate. (Be able to be that liason between the business and technical people).
3) Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/counter-measures, etc. (Rank risk/inherent risk score).
Looking for an individual to come in with an information security background to look at documentation, review findings, and write risk assessments. This person will act as the liason between technical people and the business as they analyze data and rank risk based on their findings. Preferred knowledge of the HITRUST framework is encouraged, not required.