Information Risk Consultant

3 days ago

Apply Now

Receive Emails with Similar Jobs

Highmark Health

WebsiteLinkedInAll Job Openings

health care

10,000+

💰 $5M Grant on 2021-05

Description

• This job works closely with infrastructure architecture/engineering/operations, compliance, privacy, business teams and other areas necessary to identify risks to the business. • Drive solutions ranging from education and awareness to the adoption of new/existing policies, standards, processes, controls and technologies. • Proactively test for compliance with security policies and procedures and recommend potential new approaches. • Conduct Information Risk Assessments as assigned to the team. • Request and analyze documentation necessary to perform appropriate assessment and conduct necessary interviews. • Document and communicate risk assessment results with requestor, security architects and management. • Conduct and formulate appropriate risk scoring, as it relates to threat, vulnerability, likelihood, impact, security controls/counter-measures, etc. • Understand and contribute to inventory of risk register tracking, scoring and associated risk statements. • Perform follow up activities related to exceptions, risk acceptance, corrective action plans and additional mitigation activities. • Communicate risk treatment methodology to appropriate groups. • Partner with multiple projects and initiatives to apply security architecture requirements. • Assist HM Health Solutions teams in developing and maintaining appropriate procedural documentation.

Requirements

• Bachelor's Degree - Information Security, Information Systems, Information Assurance, Computer Science or related field • At least 7 years' experience in Information Security, Governance, Risk and/or Compliance • 3 - 5 years' experience in Information Security and/or Information Risk Management and/or Information Technology • 1 - 3 years' experience within Information Security Governance, Risk and/or Compliance functions and activities • 1 - 3 years’ experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences • Familiarity with technologies such as intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms • 5 - 7 years' experience in Information Security and/or Information Risk Management and/or Information Technology (preferred) • Experience working within an information security function using the HITRUST Common Security Framework (HITRUST CSF), or the NIST 800-83 cyber security framework (preferred) • Experience supporting SSAE 16 or SOC 2 Security Trust Principle audits (preferred) • IT/information security risk advisory experience (preferred) • Governance Risk and Compliance (GRC) tool experience such as ARCHER (preferred) • In-depth understanding of network security architecture, network and networking protocols (preferred) • Security industry organization participation / leadership (HITRUST, ISACA, InfraGard, ISC2, ISSA, etc.) (preferred)