Info Security Specialist I - Enterprise Information Security (Assessor/Audit)

With more than 7,000 employees, we are the largest health insurance company in Michigan. We offer an exciting work environment with a diverse group of employees. Our goal is to make health insurance easier for our members. We want to transform the industry and become a resource that people can trust.

Detroit, MI

Blue Cross Blue Shield of Michigan

When you think of Blue Cross Blue Shield of Michigan for health insurance, you can know you're getting much more. We're a company founded on a tradition of affordable, quality health care for everyone, improving the present and investing in the future.

We offer:

- Plans for employers and individuals that meet today's needs, budgets and lifestyle
- The largest network of doctors and hospitals in the state
- Lower health care costs
- Higher quality health care
- Award-winning diversity practices
- Grants and programs that promote better health throughout Michigan

Mission: We commit to being our members' trusted partner by providing affordable, innovative products that improve their care and health.

Competitive Total Compensation Package

Overview: Departmental Summary

Blue Cross Blue Shield of Michigan (BCBSM) is seeking an Information Security Specialist (Assessor/Audit) to support our growing Enterprise Information Security team. This position will have an emphasis on supporting information security initiatives/assessments for one of our subsidiaries, AF Group.

A strong preference for candidates with:

- Knowledge of the following within Information Technology: general controls, compliance, assessments, audit experience as well as knowledge and understanding of governance, risk & compliance.
- Knowledge of security and risk frameworks, standards, best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT).
- Self-starter with effective written and verbal communication skills and strong critical thinking skills.

Responsibilities: Departmental Preferences

As an Information Security Specialist (Assessor/Audit) you will:

- Assist in the security framework control scoping, evidence collection, control testing and corrective action planning collaboratively across BCBSM/Entities.
- Maintain a consistent and organized approach to tracking compliance requirements within the enterprise GRC technology solution.
- Develop and track mitigation plan status with control owners cross-functionally.
- Develop necessary reports and presentations collaboratively.
- Perform ongoing analysis and monitoring of critical security framework requirements to detect potential issues with compliance.
- Assist in coordinating the enterprise-wide activities across key stakeholders and entities.
- Support enterprise-wide information security initiatives/assessments for AF Group and serve as the main point of contact between AF Group and BCBSM.

Additional aspects/responsibilities of the role may include:

Develop and manage information security initiatives for multiple IT functional areas across the enterprise related to risk management, mitigation and response, compliance, control assurance, and user awareness. Develop and drive security strategies, policies/standards, ensuring the effectiveness of solutions, and providing security-consultative services to the organization. Work on multiple complex projects as team member or technical lead.

- Provide strategic and tactical direction and consultation on information security and compliance.
- Participate in security planning and analyst activities. Work in combination with IT Delivery Lead/Manager to ensure security is engaged in projects.
- Maintain an up-to-date understanding of industry best practices. Develop, refine and implement enterprise-wide security policies, procedures and standards to meet compliance responsibilities. Monitor the legal and regulatory environment for developments. Monitor compliance with and recommend required changes to IT policies, standards, guidelines, and procedures. Support service-level agreements (SLAs) to ensure that security controls are managed and maintained. Ensure security compliance with legal and regulatory standards.
- Develop processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owner with remediation plan development, tracking findings through remediation, progress monitoring, reporting and escalation.
- Engage directly with the business to gather a full understanding of project scope and business requirements. Provide security-related guidance on business processes. Work closely with IT and development teams to design secure infrastructure solutions and applications, facilitating the implementation of protective and mitigating controls.
- Work directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. Participate in the development and maintenance of a global risk framework (a single view of the company's risk profiles and tolerance). Capture, maintain, and monitor information security risk in one repository.
- Consult with clients on the data classification of their resources. Assess threats and vulnerabilities regarding information assets and recommend the appropriate information security controls and measures. Define, recommend and manage security controls for information systems. Manage project documentation (compliance documentation, security plans, risk assessment, corrective action plans, etc.).
- Perform security monitoring and reporting, analyze security alerts and escalate security alerts to local support teams.
- Provide security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. Define security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems. Define and validate baseline security configurations for operating systems, applications, networking and telecommunications equipment. Identify and coordinate resolution of information security recovery issues. Provide responsive support for problems found during normal working hours as well as outside normal working hours.
- Lead and respond to security incidents and investigations and target reviews of suspect areas. Consult on teams to resolve issues that are uncovered by various internal and third-party monitoring tools. Identify and resolve root causes of security-related problems.
- Develop and deliver security awareness and compliance training programs. Conduct knowledge transfer training sessions to security operations team upon technology implementation.

Requirements: Departmental Requirements

Qualifications

- Bachelor's degree in related field preferred.
- Five (5) years of combined IT experience to include two (2) years of IT security work experience with a broad range of exposure to systems analysis, application development, systems administration.
- Experience designing and implementing security solutions preferred.
- In-depth knowledge of security issues, techniques and implications across all existing computer platforms required.
- Strong analytical, problem solving, and consulting skills with knowledge of Information Security and related technologies.
- Knowledge of approaches, tools, and techniques for recognizing, anticipating, and resolving problems; ability to apply this knowledge to diverse situations.
- A high proficiency level in specific job-related skills, with accuracy and attention to detail.
- Ability to work independently and within a team environment.
- Other related skills and/or abilities may be required to perform this job.