Cyber Security Controls Consultant

Job ID: J127440
Company: HM Health Solutions Inc.
Location: Pittsburgh, PA, United States
Full/Part Time: Full time
Job Type: Regular

Description

The Information Security Controls Analyst is a subject matter expert within their assigned information security compliance domain. Key responsibilities include leading information security control adherence by working directly with enterprise areas on the operating effectiveness of controls. This role is expected to follow established standards, industry testing methodology, and risk methodology, to suggest domain improvements, and to assist in composing and analyzing the results of control adherence and in reporting outcomes to senior management.

In this role, you will become a subject matter expert in the controls and domains that you review and act as a resource for escalation and clarification on test procedures, evidentiary requirements, or results. In addition, this role will act as a mentor to new members of the Information Security Compliance Management team and conduct training as needed to meet quality through established standards. Information Security Controls Analysts analyze and monitor controls adherence, regularly review and understand changes to information security regulatory guidance, and ensure domains are informed accordingly. The analyst ensures engagements are planned and executed for program effectiveness and meet the strategic plans of the Information Security Risk Management and Information Security Compliance Management department.

Key Responsibilities:

  • Assessment of controls and monitoring plans
  • Makes process improvement and control enhancement suggestions to exceed baseline requirements
  • Compliance risk monitoring, analysis, and mitigation activities
  • Risk monitoring and reporting requirements
  • Participates in compliance initiatives, business as usual activities, ad hoc requests, and identifies potential compliance risk impacts or exposures
  • Knowledge of and ability to utilize tools, techniques and processes for gathering and reporting data in a particular department or division of a company
  • SOC2 experience along with control frameworks expertise in HITRUST, NIST SP 800-53, PCI DSS, CIS Critical Security Controls, and ISO 27001/2700

REQUIRED EDUCATION

  • Bachelor's Degree - Information Security, Information Systems, Information Assurance, Computer Science or related field

Substitutions

  • At least 7 years' experience in Information Security, Governance, Risk and/or Compliance

PREFERRED EDUCATION

  • Master’s Degree - Computer Science, Information Security or related field

MINIMUM EXPERIENCE

  • 3 - 5 years of experience in Information Security and/or Information Risk Management and/or Information Technology
  • 1 - 3 years of experience within Information Security Governance, Risk and/or Compliance functions and activities
  • 1 - 3 years of experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
  • Familiarity with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms

PREFERRED EXPERIENCE

  • 5 - 7 years of experience in Information Security and/or Information Risk Management and/or Information Technology
  • Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework      
  • Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits                           
  • IT/information security risk advisory experience 
  • Governance Risk and Compliance (GRC) tool experience such as ARCHER                    
  • In-depth understanding of network security architecture, network and networking protocols                         
  • Security industry organization participation / leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.)

KNOWLEDGE, SKILLS & ABILITIES

  • SOC2 experience along with control frameworks expertise in HITRUST, NIST SP 800-53, PCI DSS, CIS Critical Security Controls, and ISO 27001/2700
  • Knowledge of NIST Risk Assessment methodology                               
  • Familiarity with secure SDLC best practices                           
  • Knowledge of OCTAVE or OCTAVE Allegro risk methodology                             
  • Ability to work within high performance, multi-discipline teams
  • Strong teamwork and interpersonal skills

PREFERRED LICENSURE

  • Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certification Security Essentials Certification (GSEC), SANS or similar industry certifications

TRAVEL REQUIREMENT

0% - 25%

Referral Payout Level: 4

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, national origin, sexual orientation/gender identity or any other category protected by applicable federal, state or local law. Highmark Health and its affiliates take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, sexual orientation/gender identity, protected veteran status or disability.
EEO is The Law
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled/Sexual Orientation/Gender Identity (http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf)
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the number below.
For accommodation requests, please call HR Services at 844-242-HR4U or visit HR Services Online at HRServices@highmarkhealth.org
