IS Security Risk Analyst III # JN -062021-65966
Position title: IS Security Risk Analyst III
Duration: 6 months
Location : Columbia, SC
The IDEAL candidate will have 1 certification, but certification is not required as long as the candidate meets the minimum requirements without it, has a strong overall background, and has worked as an IT Auditor.
-- CISSP, CISA, CISM, MCSE, GIAC or equivalent security / infrastructure certification (Highly Desired)
CANDIDATE TECHNICAL BACKGROUND:
- 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance
- Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
- Experience working on Security Management Plan
- Experience with working on vulnerability matrices
- Experience with the scanning and remediation of I/S assets using automated tools is beneficial (e.g. Nessus, AppDetective, Vanguard, etc.).
- Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
- Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
- Advanced knowledge of security risk assessment execution.
- Expert level knowledge of risk mitigation strategies.
- Excel expert with the ability to analyze, trend and forecast from high volumes of compliance data.
- Proficient with MS Word.
PREFERRED / HIGHLY DESIRED BACKGROUND:
- Experience with compliance programs within a government agency (e.g. Medicare, Tricare) is preferred.
- Any experience with Visio or PowerPoint is a plus.
- Any experience with DoD, DIARMF or FedRAMP programs is a plus.
- SQL experience is a plus.
DAILY JOB RESPONSIBILITIES:
- Defining, documenting and implementing Information Security standards and policies across the enterprise
- Working with external auditors to provide support as needed
- Reviewing customer contracts, RFPs and requirements for appropriateness
- Establishing and maintaining an overall information security program
- Assuring industry advisories, alerts or other requirements are acted upon in an appropriate and timely manner
- Assuring incident response measures are in place to respond to information security events
- Assessing the state of BlueCross BlueShield of SC information security on a periodic basis
- Providing information security related guidance to I/S
- Working with Line of Business (LOB) security officers to coordinate efforts
- Maintaining a repository of information security data and compliance guidance
- Providing Corporate Security Council coordination and support