Arkansas Blue Cross Blue Shield

Founded in 1948, Arkansas Blue Cross and Blue Shield, an Independent Licensee of the Blue Cross and Blue Shield Association, is the largest health insurer in Arkansas. Arkansas Blue Cross is a not-for-profit mutual insurance company offering sales, customer service, medical management and provider relations services to counties in their parts of the state.

Arkansas Blue Cross Blue Shield North Little Rock, AR, USA
10/12/2018
Full time
The Information Security Analyst (ISA) is responsible for a variety of security functions within the Enterprise Information Security Office (EIS) to include working with auditors to conduct regular security audits and provide feedback and presentations to executives on those audits. Additionally, this individual will become instrumental in working with other members of the EIS in ensuring identified security corrective actions are assigned and resolved accurately and on time. The ISA will review and research security requirements and compliance requests from vendors, as well as review contracts requiring security input and validation. Additionally, the ISA will assist members of the EIS in responding to data incidents and coordinate with IS&T resources to research incidents. Nature & Scope Strategic: 1. Work as a member of the EIS to help guide and develop policies and procedures surrounding security related systems and tools 2. Partner with departments across the enterprise to implement processes and procedures that align with guidelines provided by various frameworks and customers Operational: 1. Responsible for researching and providing input on policies and procedures within the enterprise to ensure compliance with Hitrust and other requirements. 2. Assist with security projects, providing deliverables on-time, within scope and within budget, as required 3. Assist in event research process by providing guidance and support as required 4. Conduct vulnerability and compliance assessments, monitoring, follow up, and reporting on deficiencies and proposed remedies required. 5. Work with members of the EIS team and external vendors to conduct penetration testing and risk assessment analysis 6. Provide support for all enterprise security audits 7. Establish and maintain cooperative and productive relationships with stakeholders including IS&T staff, Enterprise business areas, third parties and contractors. Transformational: 1. Cultivates business and IS&T partnerships to significantly improve business operations or competitive advantage by delivering IS&T services in radically new ways, and initiating innovations that lead to high value products or services. 2. Is an enterprise wide credible change agent to align peer-level stakeholders, develop strong cross-functional teams and lead the transformational changes in EIS, IS&T, and beyond. Minimum Job Requirements Level 1 Bachelor's degree from an accredited college or university (prefer degree in Computer Information Systems, Computer Science, Business, etc.) OR a minimum of five (5) years of prior experience in information security, information technology, or programming. Preferred experience in conducting audits within various systems and working within external vendors.  Must demonstrate excellent interpersonal, organizational and judgment skills. Must possess strong writing, analytical, and grammar skills, as well as critical thinking and problem-solving ability. Must demonstrate the ability to work closely with various management, supervisory and operational team members as well as external vendors and other entities. Preferred knowledge of common information security management frameworks, e.g. HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, ITL, etc. is a plus. IBM Guardium experience a plus. Level 2 Bachelor's degree from an accredited college or university (prefer degree in Computer Information Systems, Computer Science, Business, etc.) OR a minimum of five (5) years of prior experience in information security, information technology, or programming. Experience in in conducting audits within various systems and working within external vendors.  Must demonstrate excellent interpersonal, organizational and judgment skills. Must possess strong writing, analytical, and grammar skills, as well as critical thinking and problem-solving ability. Must demonstrate the ability to work closely with various management, supervisory and operational team members as well as external vendors and other entities. Knowledge of at least one (1) common information security management frameworks, e.g. HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, ITL, etc. IBM Guardium experience a plus One (1) year of project management experience required Level 3 Bachelor's degree from an accredited college or university (prefer degree in Computer Information Systems, Computer Science, Business, etc.) OR a minimum of five (5) years of prior experience in information security, information technology, or programming. Two (2) years’ experience in in conducting audits within various systems and working within external vendors.  Must demonstrate excellent interpersonal, organizational and judgment skills. Must possess strong writing, analytical, and grammar skills, as well as critical thinking and problem-solving ability. Must demonstrate the ability to work closely with various management, supervisory and operational team members as well as external vendors and other entities. Knowledge of at least one (1) common information security management frameworks, e.g. HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, ITL, etc. Two (2) years of project management experience required IBM Guardium experience a plus Demonstrated multidisciplinary communications skills across all levels of an organization