Senior Analyst, Information Security Governance, Risk and Compliance

Option Care Health•Springfield, IL

13h

About The Position

The Security Senior Analyst is an information security role focused on supporting IT policies, processes, oversight, and response related to corporate wide regulatory and contractual obligations. While the Senior Analyst will be sligned across the Governance, Risk and Compliance portfolio to include work in risk, education and training, metrics and third party management, the Senior Analyst will focus on addressing Option Care Health Sarbanes-Oxley (SOX) technical and other requirements and requests provided by Option Care Health internal and external auditors including SOC2 attestation. The Senior Analyst will also support Option Care Health access management program, ensuring that users have appropriate access to key applications, based upon their roles.

Requirements

Bachelor’s degree and at least 3- 5 years’ experience in Information Security field and/or IDAM or business analyst position.
Understanding of Sarbanes-Oxley; experience working and/or leading SOX response.
Understanding of Access Management.
Experience working in various facets of an Information Security program, addressing issues such as third party and other risk, regulatory compliance, education and training, and metrics development
Excellent verbal and written communication skills to collect analyze and present data.
Excellent data analysis, reporting and problem solving skills.
Demonstrates initiative, able to work independently with minimal supervision yet can work well in a team environment and is customer focused.
Travel unlikely, but willing to travel up to 10% of the time for business purposes (within state and out of state).

Nice To Haves

Bachelor's degree in Information Security, Computer Science, Analytics, Education, English, Law or related field,
Knowledge of Access management & maintaining access management
Information Security Certification
Experience with data analysis and analytics, including metrics development
Exceptional MS Excel skills

Responsibilities

Responsible for enhancing corporate-wide IT compliance with regulatory and similar requirements, such as Sarbanes-Oxley (SOX), AICPA SOC2, Payment Card Industry and others.
Work with the business and internal/external auditors to ensure accurate and timely completion of IT SOX testing plan and other requests.
Responsible for enhancing enterprise-wide access management policy, standards, process and audit to ensure compliance with all national standards and regulations.
Responsible for enhancing access management; confirming proper access roles for key systems on a quarterly basis across the enterprise.
Prepares, collects and analyzes Information Security metrics related materials and documentation in conjunction with numerous InfoSec projects and day-to-day operations as well as SOX Compliance.
Responsible for responses to payer and other third-party corporate requests and audits on behalf of IT.
Responsible for or supports all facets of the InfoSec Governance, Risk and Compliance program, including metrics development, data governance, incident response, education and training, and others as needed.