Systems Analyst I

<p>Information technology is the backbone of Blue Cross Blue Shield of Michigan and Blue Care Network, supporting everything we do to improve the health of Michigan&rsquo;s residents and communities.&nbsp; We are invested in advancing technology to provide best-in-class customer support, protect member information with enhanced security, and develop sophisticated technologies. Join us and help shape the future of IT and health care in Michigan.</p>

Detroit, MI

Blue Cross Blue Shield of Michigan

When you think of <a href="https://www.bcbsm.com/" target="_blank" rel="noopener noreferrer">Blue Cross Blue Shield of Michigan</a> for health insurance, you can know you&rsquo;re getting much more. We're a company founded on a tradition of affordable, quality health care for everyone, improving the present and investing in the future.<br /><br />We offer:<br />Plans for employers and individuals that meet today&rsquo;s needs, budgets and lifestyle<br />The largest network of doctors and hospitals in the state<br />Lower health care costs Higher quality health care<br />Award-winning diversity practices<br />Grants and programs that promote better health throughout Michigan<br /><strong><br />Mission:&nbsp;</strong>We commit to being our members&rsquo; trusted partner by providing affordable, innovative products that improve their care and health.<br /><br /><a href="http://www.bcbsm.com/index/about-us/our-company.html" target="_blank" rel="noopener noreferrer"><strong>Click here</strong></a> to learn more about our commitment to our Social Mission, view company updates and reviews, and view our awards &amp; accolades.<br /><br />Learn more about your options as an external candidate. <a href="https://bcbsm.taleo.net/careersection/2/jobsearch.ftl?lang=en" target="_blank" rel="noopener noreferrer">Click here</a> to view open positions. http://www.bcbsm.com

keywords: planning,technical,security,support,teamwork,monitoring,compliance,reporting,department preferences,education,experience,knowledge

Full-time

Competitive Total Compensation Package

Overview: <strong><span style="font-size: small;">Plan, execute information security initiatives for one functional area related to risk management, mitigation and response, compliance, control assurance, and user awareness. Assist in developing and driving security strategies, policies/standards, ensuring the effective of solutions, and providing security-consultative services to the organization.</span></strong>
Responsibilities: <ul> <li>Propose improvements and assist in the implementation of enterprise-wide security policies, procedures and standards to meet compliance responsibilities. Track changes to security policies, procedures, standards and system configurations. Monitor compliance with security policies, standards, guidelines and procedures. Ensure security compliance with legal and regulatory standards.</li> <li>Participate with team(s) to gather a full understanding of project scope and business requirements. Maintain awareness of current business processes and their security risks.</li> <li>Assist in business impact analysis to ensure resources are adequately protected with proper security measures. Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.</li> <li>Run security analysis reports using commercial tools or custom scripts and documents gaps. Update and maintain documentation for a global risk framework (a single view of the information security risk profiles and tolerance.). Capture, maintain, and monitor information security risk in one repository.</li> <li>Check existing accounts and data access permission requests against documented authorizations. Gather, organize, and maintain data for reporting.</li> <li>Assist/perform in security assessments and performs security attestations. Inspect security logs to uncover possible security violations (e.g., break-ins, unauthorized activity). Check existing accounts and data access permission requests against documented authorizations. Support the coordination of all IT internal and external assessment components.</li> <li>Perform security monitoring and reporting, analyze security alerts and escalate security alerts to local support teams.</li> <li>Participate in recovery drills. Provide security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. Provide responsive support for problems found during normal working hours as well as outside normal working hours.</li> <li>Resolve problems and assists with security incident handling. Respond to security incidents and assists in forensic investigations.</li> <li>Gather and track information security metrics. Generate ad-hoc and routine reports.</li> <li>Assist in application security risk assessments for new or updated internal or third-party applications. Assist in the evaluation and recommendation for tools and solutions that provide security functions.</li> <li>Provide updates and status of issues to information security teams.&nbsp;</li> <li>Other duties may be assigned.</li> </ul>
Requirements: <p><strong>EDUCATION AND/OR EXPERIENCE</strong></p> <ul> <li>Bachelor's degree in computer related field preferred.</li> <li>One (1) year of IT work experience required.</li> </ul> <p><strong>DEPARTMENTAL PREFERENCES</strong></p> <ul> <li>Experience in planning and implementing security test efforts, which includes manual security testing and&nbsp;developing custom security assessment scripts or programs.</li> <li>Experience utilizing vulnerability assessment tools such as Nessus, AppDetective, Burp Suite, WebInspect, AppScan, and Fortify.</li> <li>Practical knowledge and experience with OWASP top ten issues with an understanding of web-based application vulnerabilities.</li> <li>Self-motivated with ability to work with minimal supervision.</li> <li>Excellent problem-solving skills.</li> <li>Application development experience with programming languages such as Java, C, C++, C#, asp, and .NET.</li> <li>Ability to review and audit source code analysis report.</li> </ul> <p><strong>OTHER SKILLS AND ABILITIES</strong></p> <ul> <li>Strong analytical, problem solving and consulting skills with knowledge of Information Security and related technologies.</li> <li>Accuracy and attention to detail skills.</li> <li>Written and verbal communication skills.</li> <li>Ability to work independently, or within a team environment.</li> <li>Other related skills and/or abilities may be required to perform this job.</li> </ul>