Information Security Analyst I - Vendor Risk Management

With more than 7,000 employees, we are the largest health insurance company in Michigan. We offer an exciting work environment with a diverse group of employees. Our goal is to make health insurance easier for our members. We want to transform the industry and become a resource that people can trust.

Detroit, MI

Blue Cross Blue Shield of Michigan

When you think of <a href="" target="_blank" rel="noopener noreferrer">Blue Cross Blue Shield of Michigan</a> for health insurance, you can know you&rsquo;re getting much more. We're a company founded on a tradition of affordable, quality health care for everyone, improving the present and investing in the future.&nbsp;<br /><br />We offer:<br />Plans for employers and individuals that meet today&rsquo;s needs, budgets and lifestyle<br />The largest network of doctors and hospitals in the state<br />Lower health care costs Higher quality health care<br />Award-winning diversity practices<br />Grants and programs that promote better health throughout Michigan<br /><strong><br />Mission:&nbsp;</strong>We commit to being our members&rsquo; trusted partner by providing affordable, innovative products that improve their care and health.<br /><br /><a href="" target="_blank" rel="noopener noreferrer"><strong>Click here</strong></a> to learn more about our commitment to our Social Mission, view company updates and reviews, and view our awards &amp; accolades.<br /><br />For Application Timeline &amp; Selection Process:&nbsp;<a href="" target="_blank" rel="noopener noreferrer">Click Here</a>. Learn more about your options as an external candidate. <a href="" target="_blank" title="BCBSM" rel="noopener noreferrer">Click here</a> to view open positions.

keywords: position summary,position details,security,assist,maintenance,operations,teamwork,quality assurance,performance,experience,skills,departmental preferences,degree,knowledge,professional


Competitive Total Compensation Package

Overview: <p>This position will be responsible for performing third-party vendor security assessments and developing assessment reporting, as well as reviewing information security requirement contractual agreements.&nbsp; This position will support developing metrics for third-party vendor security assessment activities.</p> <p>Plan, execute information security initiatives for one functional area related to risk management, mitigation and response, compliance, control assurance, and user awareness. Assist in developing and driving security strategies, policies/standards, ensuring the e&nbsp;of solutions, and providing security-consultative services to the organization.</p>
Responsibilities: <ul> <li>Propose improvements and assist in the implementation of enterprise-wide security policies, procedures and standards to meet compliance responsibilities.&nbsp; Track changes to security policies, procedures, standards and system configurations.&nbsp; Monitor compliance with security policies, standards, guidelines and procedures.&nbsp; Ensure security compliance with legal and regulatory standards.</li> <li>Participate with team(s) to gather a full understanding of project scope and business requirements.&nbsp; Maintain awareness of current business processes and their security risks.</li> <li>Assist in business impact analysis to ensure resources are adequately protected with proper security measures.&nbsp; Follow up on deficiencies identified in monitoring reviews, self-assessments, automated assessments, and internal and external audits to ensure that appropriate remediation measures have been taken.</li> <li>Run security analysis reports using commercial tools or custom scripts and documents gaps.&nbsp; Update and maintain documentation for a global risk framework (a single view of the information security risk profiles and tolerance.).&nbsp; Capture, maintain, and monitor information security risk in one repository.</li> <li>Check existing accounts and data access permission requests against documented authorizations.&nbsp; Gather, organize, and maintain data for reporting.</li> <li>Assist/perform in security assessments and performs security attestations.&nbsp; Inspect security logs to uncover possible security violations (e.g., break-ins, unauthorized activity).&nbsp; Check existing accounts and data access permission requests against documented authorizations.&nbsp; Support the coordination of all IT internal and external assessment components.</li> <li>Perform security monitoring and reporting, analyze security alerts and escalate security alerts to local support teams.</li> <li>Participate in recovery drills.&nbsp; Provide security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle.&nbsp; Provide responsive support for problems found during normal working hours as well as outside normal working hours.</li> <li>Resolve problems and assists with security incident handling.&nbsp; Respond to security incidents and assists in forensic investigations.</li> <li>Gather and track information security metrics.&nbsp; Generate adhoc and routine reports.</li> <li>Assist in application security risk assessments for new or updated internal or third party applications.&nbsp; Assist in the evaluation and recommendation for tools and solutions that provide security functions.</li> <li>Provide updates and status of issues to information security teams.&nbsp;</li> </ul>
Requirements: <ul> <li>Bachelor&rsquo;s degree in computer related field preferred.</li> <li>One (1) year of IT work experience required.</li> <li>Knowledge and familiarity with security frameworks (e.g. HITRUST) preferred.</li> <li>Strong analytical, problem solving and consulting skills with knowledge of Information Security and related technologies.&nbsp;</li> <li>Accuracy and attention to detail skills.</li> <li>Written and verbal communication skills.</li> <li>Ability to work independently, or within a team environment.</li> <li>Other related skills and/or abilities may be required to perform this job.</li> </ul> <p><strong>Departmental Preferences:</strong></p> <ul> <li>Previous security experience such as:&nbsp; information security audit or&nbsp;third party vendor risk management preferred.</li> <li>Previous information security / information technology security internship or work experience preferred.</li> <li>Previous experience with Enterprise Governance Risk Compliance Software (EGRC) preferred.</li> </ul>