IS Security Risk Analyst III

About The Position

Requirements

• Bachelor's in a job related field Or an additional 4 years job related work experience Or Associate's plus an additional 2 years job related work experience
• 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance experience.
• Successful completion of BCBSSC I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.
• Good understanding of Systems Development Life Cycle methodologies.
• Subject Matter Expert in government or private risk frameworks and control implementations.
• Good understanding of risk management, information system security and compliance standards.
• Excellent analytical and decision-making skills.
• Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
• Ability to independently solve problems often spanning multiple environments and business areas.
• Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
• Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols.
• Strong communication skills in presenting results both verbally and in writing.
• Possess excellent collaboration skills with a wide variety of internal matrix and management staff.
• Standard office equipment.

Nice To Haves

• Experience with NIST, FISMA, HIPAA, or other regulatory requirements.
• Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
• Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
• Ability to analyze, trend and forecast from high volumes of compliance data.
• Experience with compliance programs within a government agency (i.e. Medicare, Tricare) is preferred.
• Direct experience with NIST 800-53 security frameworks.
• Experience with DoD, DIARMF or FedRamp program is a plus.
• ISACA Certified Information Security Manager (CISM)
• Comptia Security +
• ISC2 SSCP (System Security Certified Practitioner)
• CompTIA Cybersecurity Analyst+ (CySA+)

Responsibilities

• Independently monitor remediation of new and outstanding issues, including Information Security Risk Exception process, to ensure identification of areas of non-compliance.
• Utilize tools to track and report on compliance posture.
• Independently conduct formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks.
• Facilitate development, implementation and documentation of Information Security policies, procedures, processes and programs to guide organization toward continuous compliance.
• Independently analyze and interpret security regulations and controls to advise on security compliance at a broad perspective across multiple business areas.
• Consult on organizational impacts of compliance and risk management decisions.
• Serve as an interface with external entities for governance and compliance reviews regarding information security risk across multiple business areas and controls.
• Independently investigate, document and resolve Information Security Incidents.
• Advise senior management of critical issues that may affect organization.
• Research emerging security topics, threats and capabilities to create/update policy and governance.
• Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards and best practices.

Benefits

• Subsidized health plans, dental and vision coverage
• 401K retirement savings plan with company match
• Life Insurance
• Paid Time Off (PTO)
• Nine paid holidays
• On-site cafeterias and fitness centers in major locations
• Education Assistance
• Service recognition
• National discounts to movies, theaters, zoos, theme parks and more