Identity and Access Management-Information Security Analyst

To learn more about Arkansas Blue Cross and Blue Shield Hiring Policies, please click .

Applicants must be eligible to begin work on the date of hire. Applicants must be currently authorized to work in the United States on a full-time basis.

ARKANSAS BLUE CROSS BLUE SHIELD will NOT sponsor applicants for work visas in this position.

Arkansas Blue Cross is only seeking applicants for remote positions from the following states :

Arkansas, Florida, Georgia, Illinois, Kansas, Louisiana, Minnesota, Mississippi, Oklahoma, South Carolina, Tennessee, Texas, Virginia and Wisconsin.

Workforce Scheduling

Job Summary

The Information Security Analyst is responsible for the operations, administration, and governance of the enterprise security solutions and processes.

Requirements

EDUCATION

High School diploma or equivalent

Bachelor’s degree in Business, Computer Science, Management Information Systems, or related field. In lieu of degree, minimum five (5) years' relevant experience will be considered.

LICENSING / CERTIFICATION

Professional security management certification (Certified Information Systems Security Professional (CISSP)) or other similar credentials desired.

EXPERIENCE

Minimum three (3) years' experience conducting various system audits and working with external vendors, conducting information security risk assessments and / or experience related to information security, business continuity, or disaster recovery.

Knowledge of at least one (1) common information security management framework, such as HIPAA, HITRUST, ISO / IEC 27001, ITIL, NIST, COBIT, and / or ITL.

System analysis experience preferred.

Project management experience preferred.

Data testing and / or software application testing preferred.

ESSENTIAL SKILLS & ABILITIES

Detail-Oriented

Critical thinking

Strong analytical skills

Problem sensitivity

Ingenuity

Project management skills

Excellent communication skills

Ability to build collaborative relationships.

Skills

Analytical, Critical Thinking, Cultivate Relationships, Detail-Oriented, Oral Communication, Project Management, Written Communication

Responsibilities

Asset Security : Provides guidance and policy expertise for data security, specifically regarding data classification, data storage, data transmission, and data lifecycle.

Sets baseline configurations and monitor data governance. Sets policy and enforcement on security standards, such as file permissions, encryption, cloud data security, network assets, endpoint requirements, and others.

Communication and Network Security : Provides / supports network monitoring solutions within SOC / SIEM implementation.

Handles initial incident response functions. Provides limited consultation to support elements within this domain. Oversees implementation, configuration, maintenance, and changes for all network security capabilities and assets.

Identity and Access Management : Provides account security management and control across all account security systems. Manages privileged access management entitlement review / approvals.

Conducts usage audits, verify removal and retired accounts, approve launcher requests, and provides end user support. Creates, modifies, deletes, and retires member accounts.

Manages role entitlement process. Maintains Workday integration. Manages access management application / system updates and testing.

Performs other duties as assigned., Security and Risk Management : Provides guidance to business partners for all information security-related issues and identified security risks.

Creates, manages, and enforces information security policy. Provides oversight of framework compliance. Manages enterprise audit remediation and CAP management.

Manages vulnerability management plan. Conducts anti-phishing campaigns. Conducts and manages the security awareness and training program.

Manages the third party risk management program., Security Architecture and Engineering : Ensures information security is designed with confidentiality, integrity, and access in mind.

Sets security requirements. Ensures system redundancy and fault tolerance. Sets standards for mobile and web security. Ensures security of IoT devices.

Security Assessment and Testing : Provides requested evidence / artifacts for all security-related assessments / audits.

Coordinates and schedule security assessments required of the Enterprise. Coordinates and ensures the quality of outside vendor-provided security assessments, risk assessments, and penetration testing of enterprise assets, Security Operations : Applies information security concepts, techniques, and best practices to support incident response plans and capabilities.

Conducts and supports investigations, conducts logging and monitoring activities, securely provisions resources, tests disaster recovery plans, and addresses personnel safety and security concerns.

Software Development Security : Provides technical consultation as required. Oversees the static and dynamic scanning of internally developed software within the company and provide reports to ensure proper remediation of code vulnerabilities.

Reviews SDLC documentation to ensure compliance with established company and regulatory standards as applicable., This is an all-inclusive responsibility listing for all levels of Information Security Analyst.

Incumbent is responsible for :

Role) Proficiency in three (3) security components :

Certifications

Security Requirements

This position is identified as level three (3). This position must ensure the security and confidentiality of records and information to prevent substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained.

The integrity of information must be maintained as outlined in the company Administrative Manual.

Segregation of Duties

Segregation of duties will be used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business.

This position must adhere to the segregation of duties guidelines in the Administrative Manual.

Employment Type

Regular

ADA Requirements

2.1 General Office Worker, Semi-Active, Campus Travel - Someone who normally works in an office setting or remotely, periodically has lifting and carrying requirements up to 40 lbs and routinely travels for work within walking distance of location of primary work assignment as essential functions of the job.