Apply on Employer Site

enGen · 1 month ago

Information Risk Consultant

Maryland Park, MD

Full-time

Onsite

Mid, Senior Level

$68K/yr - $126K/yr

7+ years exp

enGen is focused on strengthening information security through effective governance and control. The Information Risk Consultant will enhance the security posture by conducting risk assessments, ensuring compliance with various frameworks, and collaborating across teams to implement robust security measures.

Health CareInformation TechnologyOnline Portals

H1B Sponsor Likely

Responsibilities

Conduct Information Risk Assessments as assigned to the team. Request and analyze documentation necessary to perform appropriate assessment and conduct necessary interviews in order to collect and review relevant materials necessary to produce results of the assessment

Clearly and concisely document and communicate risk assessment results with requestor, security architects and management, as appropriate

Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/counter-measures, etc

Understand and contribute to inventory of risk register tracking, scoring and associated risk statements

Perform follow up activities related to exceptions, risk acceptance, corrective action plans and additional mitigation activities

Communicate risk treatment methodology; risk avoidance, risk acceptance, risk transference and risk mitigation to appropriate groups

Partner with multiple projects and initiatives to apply security architecture requirements, develop architecture solutions, integrate security into solution designs, access risks of security gaps, and develop architecture remediation

Assist HM Health Solutions teams in developing and maintaining appropriate procedural documentation which meets relevant compliance standards, such as Payment Card Industry - Data Security Standards (PCI-DSS), Health Information Trust Alliance (HITRUST), and International Organization for Standardization (ISO) 27001

Prepare and present solution decks to different levels of management and varying technical experience

Begin to take lead role in assuring compliance to required standards, procedures, guidelines and processes

Other duties as assigned or requested

Qualification

Information SecurityRisk ManagementGovernanceComplianceHIPAANIST CSF 2.0PCI DSSISO 27001Security ArchitectureRisk AssessmentPolicy ManagementSecurity PoliciesGRC ToolsCybersecurity IntegrationTeamworkInterpersonal SkillsCommunicationPresentation Skills

Required

Bachelor's Degree - Information Security, Information Systems, Information Assurance, Computer Science or related field

At least 7 years' experience in Information Security, Governance, Risk and/or Compliance

Minimum 3 - 5 years' experience in Information Security and/or Information Risk Management and/or Information Technology

1 - 3 years' experience within Information Security Governance, Risk and/or Compliance functions and activities

1 - 3 years' experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences

Familiarity with technologies such as intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms

Knowledge of HITRUST CSF, NIST 800-83 cyber security framework, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3

Knowledge of NIST Risk Assessment methodology

Familiarity with secure SDLC best practices

Knowledge of OCTAVE or OCTAVE Allegro risk methodology

Ability to work within high performance, multi-discipline teams

Strong teamwork and interpersonal skills

Preferred

Master's Degree - Computer Science, Information Security or related field

5 - 7 years' experience in Information Security and/or Information Risk Management including

Demonstrated ability to contribute to policy lifecycle management, ensuring timely updates and alignment with HIPAA, NIST CSF 2.0, and other authoritative source requirements

Experience assisting with control assurance and maturity improvement initiatives, with a focus on remediating gaps and strengthening the cybersecurity posture

Strong background in interpreting and applying security policies, standards, and regulatory requirements within complex business and technical environments

Experience supporting cybersecurity governance activities, including coordinating cross-functional forums and contributing to dashboards and narratives for decision-making

Familiarity with governance tools and platforms such as RSA Archer (GRC) and policy management systems

Industry certifications such as Security+, GSEC, CySA+, or working towards CISSP, CISM, CISA, or SANS certifications

Company

enGen

enGen specializes in a dynamic ecosystem of automation and health tech that supports health plans and their provider partners.

Founded in 2014

Pittsburgh, Pennsylvania, USA

10001+ employees

https://goengen.com

H1B Sponsorship

enGen has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (103)

2024 (87)

2023 (99)

2022 (108)

2021 (121)

2020 (82)

Funding

Current Stage

Late Stage

Leadership Team

Mike Stimpson

Chief Technology Officer

Maynd Jolly

CFO and SVP Client Executive, Growth & Partnerships

Recent News

South Africa Today

Engen Xtreme Drives Nationwide December Activations Across Three Regions

2025-12-06

AllAfrica.com

South Africa: When Polluters Don't Pay - Still No Cleanup At South African Oil Refinery That's Caused Millions in Damage but Was Sold for 6 Cents

2025-11-11

Zawya.com

BP and Shell yet to clean up; Durban refinery's toxic legacy persists

2025-11-11

Company data provided by crunchbase