Cyber Security Controls Consultant

Job ID: J118163
Company: HM Health Solutions Inc.
Location: Pittsburgh, PA, United States
Full/Part Time: Full time
Job Type: Regular
Posted at: Jun 8, 2018

Description

The Information Security Controls Analyst is a subject matter expert within their assigned information security compliance domain. Key responsibilities include leading information security control adherence by working directly with enterprise areas on the operating effectiveness of controls. This role is expected to follow established standards, industry testing methodology, and risk methodology, to suggest domain improvements, and to assist in composing and analyzing the results of control adherence and in reporting outcomes to senior management.

In this role, you will become a subject matter expert in the controls and domains that you review and act as a resource for escalation and clarification on test procedures, evidentiary requirements, or results. In addition, this role will act as a mentor to new members of the Information Security Compliance Management team and conduct training as needed to meet quality through established standards. Information Security Controls Analysts will analyze and monitor controls adherence. They regularly review and understand changes in information security regulatory guidance and ensure domains are informed accordingly. They also ensure engagements are planned and executed for program effectiveness and meet the strategic plans of the Information Security Risk Management and Information Security Compliance Management department.

Key Responsibilities:

  • Assessment of controls and monitoring plans
  • Makes process improvement and control enhancement suggestions to exceed baseline requirements
  • Compliance risk monitoring, analysis, and mitigation activities
  • Risk monitoring and reporting requirements
  • Participates in compliance initiatives, business as usual activities, ad hoc requests, and identifies potential compliance risk impacts or exposures
  • Knowledge of and ability to utilize tools, techniques and processes for gathering and reporting data in a particular department or division of a company
  • SOC2 experience along with control frameworks expertise in HITRUST, NIST SP 800-53, PCI DSS, CIS Critical Security Controls, and ISO 27001/2700

REQUIRED EDUCATION

  • Bachelor's Degree - Information Security, Information Systems, Information Assurance, Computer Science or related field

Substitutions

  • At least 7 years' experience in Information Security, Governance, Risk and/or Compliance

PREFERRED EDUCATION

  • Master’s Degree - Computer Science, Information Security or related field

MINIMUM EXPERIENCE

  • 3 - 5 years of experience in Information Security and/or Information Risk Management and/or Information Technology
  • 1 - 3 years of experience within Information Security Governance, Risk and/or Compliance functions and activities
  • 1 - 3 years of experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
  • Familiarity with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms

PREFERRED EXPERIENCE

  • 5 - 7 years of experience in Information Security and/or Information Risk Management and/or Information Technology
  • Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework
  • Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits
  • IT/information security risk advisory experience
  • Governance Risk and Compliance (GRC) tool experience such as ARCHER
  • In-depth understanding of network security architecture, network and networking protocols
  • Security industry organization participation / leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.)

KNOWLEDGE, SKILLS & ABILITIES

  • SOC2 experience along with control frameworks expertise in HITRUST, NIST SP 800-53, PCI DSS, CIS Critical Security Controls, and ISO 27001/2700
  • Knowledge of NIST Risk Assessment methodology
  • Familiarity with secure SDLC best practices
  • Knowledge of OCTAVE or OCTAVE Allegro risk methodology
  • Ability to work within high performance, multi-discipline teams
  • Strong teamwork and interpersonal skills

PREFERRED LICENSURE

  • Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certification Security Essentials Certification (GSEC), SANS or similar industry certifications

TRAVEL REQUIREMENT

0% - 25%

Referral Payout Level: 1

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity (http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf)
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below.
For accommodation requests, please call HR Services at 844-242-HR4U or visit HR Services Online at HRServices@highmarkhealth.org
