Information Security Analyst IV

The Information Security Analyst IV performs assigned professional tasks at an advanced professional level, serving frequently as a recognized subject matter expert and/or internal advisor. This position performs ongoing, operational tasks, including the most critical or challenging assignments, serves as an internal technical resource and works in one or more functions, such as risk assessment, business continuity, system configuration and compliance with security requirements, security operations, etc. This position provides the division services to protect the confidentiality, integrity, and availability of information and technical environments and to support information security goals and objectives. This position is responsible for ensuring information security requirements within the corporation are being adhered to.

Essential Functions

• Coordinates corporate-wide business continuity and disaster recovery plans and efforts for existing business and IT critical applications and infrastructure. Uses formal models, methods and industry standard techniques to assess continuity impacts and security risks.
• Leads risk assessments for security related processes and systems to ensure adherence to stakeholder security requirements. Scopes and drives each assessment to completion. Identifies where risk exists in the organization to ensure it is mitigated to an appropriate level.
• Leads or participates actively with corporate-wide information security project planning and documentation of divisional and corporate projects. Provides guidance and oversight as a subject matter expert for internal and external corporate and IT audits. Provides oversight and management of audit findings or observations, including providing feedback and suggestions on managerial responses to findings and providing status and updates to the management team. Supports processes for providing audit evidence to include identification, collection and review of relevant data.
• May serve as a technical expert and provides advice and support in problems related to security. Works with internal and external teams to resolve escalated and complex issues.
• Develops and analyzes security reports and reports security incidents to compliance staff and department leadership in a timely manner. Monitors audit system to find security violations, vulnerabilities and abnormalities and notifies system administrators and leadership.
• Identifies security incidents and responds to ensure risk is contained, that any potential damage is prevented or minimized and to ensure similar incidents do not occur again. Maintains the integrity of security controls based on toolsets as well as support their updates and use.
• Maintains and improves knowledge of information security technology and trends and familiarity with Company systems and processes. Provides guidance to other security staff.
• Maintains an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes. Works with other departments to provide guidance, based on regulations, policy and procedures, for implementation of appropriate security controls. Provides direction to division during company audits and in maintaining companies Security Plans as required.
• Leads departmental and company initiatives to assist business units in becoming compliant with enterprise policies and regulatory requirements. Conducts initial and ongoing corporate-wide assessments for compliance with Noridian policies and regulatory requirements. Coordinates, schedules and leads project meetings.
• Develops and maintains security control framework, which includes security policies, standards, practices and guidelines.
• Assists incident handling for the Cyber Security Incident Response Team (CSIRT). Completes corrective action plans, resolve audit findings and security issues, ensuring problems are resolved in an effective and timely manner.
• Trains and mentors new and existing staff
• Manages and works through requests in adherence to departmental, corporate security policies and procedures.
• Ensures that customer requests are completed in adherence to Service Level Agreements
• Defines, documents, reviews, and updates security related processes and procedures.

Requirements

Knowledge, Skills and Abilities

Analytical Thinking

Advanced

Specialized Technical Skills

Advanced

Attention to Detail and Accuracy

Intermediate

Coaching

Intermediate

Flexibility and Adaptability

Advanced

Relationship Management

Intermediate

Problem Solving and Resolution

Advanced

Education Requirements

Required: Bachelor's

Preferred: Master's

Field(s) of Study: Information Technology, Computer Science or related field

Experience Requirements

Required: Minimum of 6 Years

Preferred: Minimum of 7 Years

Experience Details: Minimum of 6 years of professional experience in information technology with specific experience in information and/or data security, including project leadership experience is required.

OTHER INFORMATION

Job Posting Policy 6.05

New employees with Blue Cross Blue Shield of North Dakota will be eligible to apply for positions within their assigned department after successfully completing a 90-day review. For positions outside your department, you must attain a minimum of six months of service before you can apply.

EQUAL OPPORTUNITY EMPLOYMENT

Equal Opportunity Employer of Minorities, Females, Protected Veterans and Individual with Disabilities, as well as Sexual Orientation or Gender Identity.

For questions, please email careers@bcbsnd.com

This job posting will be closed 08/29/2018 at 8:00AM CST. No further applications will be considered.