Senior Cyber Security Controls Consultant

Job ID: J117779
Company: HM Health Solutions Inc.
Location: Camp Hill, PA, United States
Full/Part Time: Full time
Job Type: Regular
Posted at: Jun 8, 2018

Description

The Senior Information Security Controls Analyst is a subject matter expert within their assigned information security compliance domain. The key responsibility is leading information security control adherence by working directly with enterprise areas on the operating effectiveness of controls. This role is expected to follow established standards, industry testing methodology, and risk methodology, to suggest domain improvements, and to assist in composing and analyzing the results of control adherence and in reporting outcomes to senior management.

In this role, you will become a subject matter expert in the controls and domains that you review and act as a resource for escalation and clarification on test procedures, evidentiary requirements, or results. In addition, this role will act as a mentor to new members of the Information Security Compliance Management team and conduct training as needed to meet quality through established standards. Information Security Controls Analysts analyze and monitor controls adherence. They regularly review and understand changes to information security regulatory guidance and ensure domains are informed accordingly. They also ensure engagements are planned and executed for program effectiveness and meet the strategic plans of the Information Security Risk Management and Information Security Compliance Management department.

Key Responsibilities:

  • Assessment of controls and monitoring plans
  • Makes process improvement and control enhancement suggestions to exceed baseline requirements
  • Compliance risk monitoring, analysis, and mitigation activities
  • Risk monitoring and reporting requirements
  • Participates in compliance initiatives, business as usual activities, ad hoc requests, and identifies potential compliance risk impacts or exposures
  • Knowledge of and ability to utilize tools, techniques and processes for gathering and reporting data in a particular department or division of a company
  • SOC2 experience along with control frameworks expertise in HITRUST, NIST SP 800-53, PCI DSS, CIS Critical Security Controls, and ISO 27001/2700

REQUIRED EDUCATION

Bachelor’s Degree - Information Security, Information Systems, Information Assurance, Computer Science or related field

Substitutions 

At least 10 years' experience in Information Security, Governance, Risk and/or Compliance

PREFERRED EDUCATION

Master’s Degree - Computer Science, Information Security or related field

REQUIRED EXPERIENCE

  • 7 - 10 years' experience in Information Security and/or Information Risk Management and/or Information Technology
  • 5 - 7 years' experience within Information Security Governance, Risk and/or Compliance functions and activities
  • 7 - 10 years' experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
  • Familiarity with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms

PREFERRED EXPERIENCE  

  • 10 - 15 years' experience in Information Security and/or Information Risk Management and/or Information Technology                       
  • SOC2 experience along with control frameworks expertise in HITRUST, NIST SP 800-53, PCI DSS, CIS Critical Security Controls, and ISO 27001/2700    
  • Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits                           
  • IT / Information security risk advisory experience               
  • Governance Risk and Compliance (GRC) tool experience such as ARCHER                    
  • In-depth understanding of network security architecture, network and networking protocols                         
  • Security industry organization participation / leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.)

KNOWLEDGE, SKILLS & ABILITIES 

  • SOC2 experience along with control frameworks expertise in HITRUST, NIST SP 800-53, PCI DSS, CIS Critical Security Controls, and ISO 27001/2700 
  • Knowledge of NIST Risk Assessment methodology
  • Familiarity with secure SDLC best practices                           
  • Knowledge of OCTAVE or OCTAVE Allegro risk methodology                             
  • Ability to work within high performance, multi-discipline teams
  • Strong teamwork and inter-personal skills

PREFERRED LICENSURE

  • Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Systems Auditor (CISA), Global Information Assurance Certification Security Essentials Certification (GSEC), SANS or similar industry certifications

TRAVEL REQUIREMENT
0% - 25%

Referral Payout Level: 2

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.
EEO is The Law
Equal Opportunity Employer Minorities/Women/ProtectedVeterans/Disabled/Sexual Orientation/Gender Identity (http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf)
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below.
For accommodation requests, please call HR Services at 844-242-HR4U or visit HR Services Online at HRServices@highmarkhealth.org
