Senior M&A Security Professional
About The Position
The Senior Security Professional acts in a security assessor role to review acquisition environments of diverse scopes and complexity ranging from moderate to substantial against well-known cyber security frameworks. In this role you will have the unique opportunity to help Humana assess and integrate acquired companies into the organization. You will work with Humana's technology organization and various internal groups to review and contribute to integration initiatives with available technology including hardware, software, applications, and peripherals with the purpose of ensuring that security meets Humana's expectations. The Senior M&A Security Professional reviews acquisition environments of diverse scopes and complexity ranging from moderate to substantial and assists the teams with creating, tracking, and implementing remediation plans to address identified security gaps. We are looking for someone who is curious, has great diligence, is flexible and loves the challenge of helping ensure that we have secure solutions to support our business objectives.
Requirements
- 8 years' experience as a Security Assessor/auditor, IT controls implementation professional or Risk professional working with complex systems, teams, GRC processes and tools
Nice To Haves
- Bachelor's or Master's degree in information security, IT, or business-related field
- Experience in Healthcare industry with a solid understanding of HIPAA
- Knowledge and experience in mergers & acquisitions relative to reviewing various technology systems/controls.
- Knowledge of Humana's Minimum Necessary Security framework and processes.
- Ability to manage multiple assignments for various entities at the same time
- Cloud knowledge or certification
- Security certification (e.g.,., CISSP, CISA, CCSP, etc.)
Responsibilities
- Lead a risk assessment and/or audit of IT controls and systems. The scope could include client/endpoints, servers, access management controls, networks, telecommunications systems, and various cloud environments / applications.
- Conduct audit review procedures and evaluate the company's technological infrastructure against HITRUST, NIST, PCI and other internal security control frameworks, as needed.
- Review business processes, identify and assess controls, and communicate results with the team.
- Identify and prioritize risks to the environment, document the risks and recommendations to address the risks and work with the target entity to help them understand the risks.
- Make recommendations on moderately complex to complex issues regarding technical approaches for project components.
- Perform work independently and exercise considerable latitude in determining objectives and approaches to assignments.
- Communicate well verbally and in writing to various types of audiences (e.g., technical SME and business leadership).
- Understand when an identified risk is worthy of escalation to leadership and can manage discussions that support the escalation.
Benefits
- medical, dental and vision benefits
- 401(k) retirement savings plan
- time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave)
- short-term and long-term disability
- life insurance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
