Information Security Specialist II

<p>With more than 7,000 employees, we are the largest health insurance company in Michigan. We offer an exciting work environment with a diverse group of employees. Our goal is to make health insurance easier for our members. We want to transform the industry and become a resource that people can trust.</p>

Detroit, MI

Blue Cross Blue Shield of Michigan

When you think of <a href="https://www.bcbsm.com/" target="_blank" rel="noopener noreferrer">Blue Cross Blue Shield of Michigan</a> for health insurance, you can know you&rsquo;re getting much more. We&rsquo;re a company founded on a tradition of affordable, quality health care for everyone, improving the present and investing in the future.<br /><br />We offer:<br />Plans for employers and individuals that meet today&rsquo;s needs, budgets and lifestyle<br />The largest network of doctors and hospitals in the state<br />Lower health care costs<br />Higher quality health care<br />Award-winning diversity practices<br />Grants and programs that promote better health throughout Michigan<br /><br /><strong>Mission:&nbsp;</strong>We commit to being our members&rsquo; trusted partner by providing affordable, innovative products that improve their care and health.<br /><br /><a href="http://www.bcbsm.com/index/about-us/our-company.html" target="_blank" rel="noopener noreferrer"><strong>Click here</strong></a> to learn more about our commitment to our Social Mission, view company updates and reviews, and view our awards &amp; accolades.<br /><br />Learn more about your options as an external candidate. <a href="https://bcbsm.taleo.net/careersection/2/jobsearch.ftl?lang=en" target="_blank" rel="noopener noreferrer">Click here</a> to view open positions.


Full-Time

Competitive Total Compensation Package

Overview: <span style="font-size: small;">Oversee planning, execution and management of multi-faceted projects/programs for multiple functional areas across the enterprise related to risk management, compliance, control assurance, and infrastructure/information asset protection. Develop and drive security strategies, policies/standards, ensuring the effectiveness of solutions for critical and/or highly complex projects, and providing security-consultative services to the organization.</span>
Responsibilities: <div id="requisitionDescriptionInterface.ID1502.row1" class="contentlinepanel" title=""> <ul> <li> <div><span style="font-size: small;">Provide strategic and tactical direction and consultation on information security and compliance. Participate in security planning and analyst activities.&nbsp; Work in combination with IT Delivery Lead/Manager to ensure security is engaged in projects.</span></div> </li> <li> <div><span style="font-size: small;">Act as primary support contact for the development of secure applications and processes.&nbsp; Provide objective evaluations of security controls, mechanisms and goals in comparison to best practices.&nbsp; Develop, refine and implement enterprise-wide security policies, procedures, and standards across multiple platform and application environments to meet compliance responsibilities.&nbsp; Ensure policies, procedures, standards and system configurations are documented and tracked.&nbsp; Monitor the legal and regulatory environment for development.&nbsp; Recommend, manage, and implement required changes to information security policies and procedures.&nbsp; Monitor compliance with security policies, standards, guidelines and procedures. 
Develop processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting and escalation.</span></div> </li> <li> <div><span style="font-size: small;">Ensure security compliance with legal and regulatory standards.&nbsp; Engage directly with the business to gather a full understanding of project scope and business requirements.&nbsp; Provide security-related guidance on business process.&nbsp; Work closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.</span></div> </li> <li> <div><span style="font-size: small;">Work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. 
Participate in the development and maintenance of a global risk framework (a single view of the company&rsquo;s risk profiles and tolerance).&nbsp; Capture, maintain, and monitor information security risk in one repository.&nbsp; Serve as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk program.</span></div> </li> <li> <div><span style="font-size: small;">Assess threats and vulnerabilities regarding information assets and recommend the appropriate information security controls and measures.&nbsp; Develop and implement strategies to align information security with business objectives and goals, protecting the integrity, confidentiality and availability of data.</span></div> </li> <li> <div><span style="font-size: small;">Assist in or perform security assessments and perform security attestations.&nbsp; Participate in security investigations and compliance reviews as requested.&nbsp; Consult with clients on security violations.&nbsp; Act as liaison between internal audit and IT to ensure commitments are met and controls are properly implemented.&nbsp; Ensure coordination of all IT internal and external assessment components.</span></div> </li> <li> <div><span style="font-size: small;">Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.&nbsp; Define and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment.&nbsp; Identify and coordinate resolution of information security recovery issues.</span></div> </li> <li> <div><span style="font-size: small;">Lead and review application security risk assessments for new or updated internal or third-party applications.&nbsp; Maintain contact with vendors regarding security system updates and technical support of security 
products.&nbsp; Assist in cost-benefit and risk analysis.&nbsp; Security trend and provide recommendations.</span></div> </li> <li> <div><span style="font-size: small;">Drive IT changes to ensure effective risk-based implementations, awareness and accountability.&nbsp; Evaluate the effectiveness of awareness and training programs and make recommendations for improvement.&nbsp; Conduct knowledge transfer training sessions to the security operations team upon technology implementation.</span></div> </li> <li> <div><span style="font-size: small;">Other duties as assigned.&nbsp;</span></div> </li> </ul> </div>
Requirements: <p><strong>Qualifications</strong></p> <strong>Education&nbsp;and/or Experience</strong> <ul> <li>Bachelor's degree in related field preferred.</li> <li>Seven (7) years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, and systems administration.</li> <li>Five (5) years of experience designing and deploying security solutions at the enterprise level required.</li> <li>Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certifications required.</li> </ul> <p><strong>Other Skills and Abilities</strong></p> <ul> <li>In-depth knowledge of security issues, techniques and implications across all existing computer platforms required.</li> <li>Strong analytical, problem-solving, and consulting skills with knowledge of Information Security and related technologies.</li> <li>Knowledge of approaches, tools, and techniques for recognizing, anticipating, and resolving problems, and the ability to apply this knowledge to diverse situations.</li> <li>Experience designing and implementing security solutions.</li> <li>A high proficiency level in specific job-related skills is required, along with accuracy and attention to detail.</li> <li>Written and verbal communication skills.</li> <li>Other related skills and/or abilities may be required to perform this job.</li> </ul> <p><strong>Departmental Requirements:</strong></p> <ul> <li>Strong working knowledge of performing security risk assessments using the HIPAA, HITRUST, NIST, and ISO security regulations and frameworks.</li> <li>Strong team lead with ability to provide management reporting, presentations, and the ability to work within a highly effective, cohesive and collaborative team.&nbsp;</li> <li>Foundational understanding of information security governance, risk, and assurance concepts applied within a complex enterprise environment.</li> </ul>