IT Audit Analyst II - BCB005TD - ORC

<strong>With more than 7,000 employees, we are the largest health insurance company in Michigan. We offer an exciting work environment with a diverse group of employees. Our goal is to make health insurance easier for our members. We want to transform the industry and become a resource that people can trust.</strong>

Detroit, MI

Blue Cross Blue Shield of Michigan

When you think of Blue Cross Blue Shield of Michigan for health insurance, you can know you're getting much more. We're a company founded on a tradition of affordable, quality health care for everyone, improving the present and investing in the future.<br /><br />We offer:<br />Plans for employers and individuals that meet today's needs, budgets and lifestyle<br />The largest network of doctors and hospitals in the state<br />Lower health care costs<br />Higher quality health care<br />Award-winning diversity practices<br />Grants and programs that promote better health throughout Michigan<br /><br /><strong>Mission:</strong> We commit to being our members' trusted partner by providing affordable, innovative products that improve their care and health.



Competitive Total Compensation Package

Overview: <br />Plan and execute information security initiatives for one or more IT functional areas across the enterprise related to risk management, mitigation and response, compliance, control assurance, and user awareness. Assist in developing and driving security strategies and policies/standards, ensuring the effectiveness of solutions, and providing security-consultative services to the organization. Work on multiple medium to complex projects as a team member and lead systems-related security components.<br /><br />
<p><strong>Departmental Summary:</strong></p>
<p>This position shall perform cross-functional collaboration with the other members of the information security team, EIT division, and the business to manage the identification, mitigation, resolution, and acceptance/deferral of information security risk to the BCBSM organization. Additionally, this position will serve as the process owner for all identity activities that serve to protect the confidentiality, integrity, and availability of member, employee, and business information and systems in compliance with organization policies and standards. In addition, the position provides guidance on mandatory and recommended security and IAM controls to ensure they are appropriately implemented, and performs periodic attestation and audit activities to manage and mitigate risks for the organization.</p>
Responsibilities: <br />
<ul>
<li>Maintain an up-to-date understanding of industry best practices. Develop, refine, and implement enterprise-wide security policies, procedures, and standards to meet compliance responsibilities. Monitor compliance with security policies, standards, guidelines, and procedures. Ensure security compliance with legal and regulatory standards. Support service-level agreements (SLAs) to ensure that security controls are managed and maintained.</li>
<li>Assist in the development of processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.</li>
<li>Participate with team(s) to gather a full understanding of project scope and business requirements. Analyze business processes and business requirements to determine conformance to security policies and procedures. Provide security-related guidance on business processes. Participate in designing secure infrastructure solutions and applications.</li>
<li>Work directly with the customers, third parties, and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. Conduct business impact analysis to ensure resources are adequately protected with proper security measures. Analyze security analysis reports for security vulnerabilities and recommend feasible and appropriate options.</li>
<li>Create, disseminate and update documentation of identified information security risks and controls.</li>
<li>Check existing accounts and data access permission requests against documented authorizations. Assist in the data classification process. Develop and generate reports.</li>
<li>Assist with and perform security assessments and security attestations. Participate in security investigations and compliance reviews as requested. Monitor multiple logs across diverse platforms to uncover specific activities as they occur from platform to platform. Consult with clients on security violations. Coordinate all IT internal and external assessment components.</li>
<li>Perform security monitoring and reporting, analyze security alerts and escalate security alerts to local support teams.</li>
<li>Provide security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. Assist in the development and implementation of information security disaster recovery test plans. Provide responsive support for problems found during normal working hours as well as outside normal working hours.</li>
<li>Perform control and vulnerability assessments. Respond to security incidents, conduct forensic investigations, and target reviews of suspect areas.</li>
<li>Generate ad-hoc and routine performance reports. Analyze reports and make recommendations for improvements. Communicate reporting results to information security management.</li>
<li>Assist in application security risk assessments for new or updated internal or third-party applications. Assist in the evaluation and recommendation of tools and solutions that provide security functions.</li>
<li>Collaborate on projects to ensure that security issues are addressed throughout the project life cycle. Report to management concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.</li>
</ul>
Requirements: <br />
<ul>
<li>Bachelor's degree in related field preferred.</li>
<li>Three (3) years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, database design, and administration required.</li>
<li>Knowledge and familiarity with security frameworks (e.g. HITRUST) preferred.</li>
<li>Professional certification in technical security areas preferred.</li>
<li>Knowledge of security issues, techniques, and implications across all existing computer platforms required.</li>
<li>Strong analytical, problem-solving, and consulting skills with knowledge of Information Security and related technologies.</li>
<li>Knowledge of approaches, tools, and techniques for recognizing, anticipating, and resolving problems; ability to apply this knowledge to diverse situations.</li>
<li>Accuracy and attention to detail.</li>
<li>Written and verbal communication skills.</li>
<li>Ability to work independently, or within a team environment.</li>
<li>Other related skills and/or abilities may be required to perform this job.</li>
</ul>