Information Security Analyst 4 - Bright Health
Austin, Texas, United States

Listing Description

SCOPE OF ROLE 


Working as part of the Information Security team within the Technology office at Bright Health, the Information Security Analyst 4 will report directly to the Information Security GRC Manager and will be responsible for leading day-to-day IT compliance, data governance, and audit activities (internal and external). The role will include primary responsibility for identifying, analyzing, and influencing the management of information risks across the organization in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.


ROLE RESPONSIBILITIES



  • Perform security and compliance assessments on new and existing systems, processes, and technology.

  • Use configuration monitoring systems to run compliance scans on endpoints, servers and network devices.

  • Run compliance and metrics reports using configuration monitoring systems.

  • Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.

  • Work with various business units to identify and facilitate implementation of appropriate controls to effectively manage information risks.

  • Lead internal and external audit process for relevant compliance concerns including NIST CSF, SOC 2, and HIPAA requirements.

  • Perform periodic gap assessments to validate compliance on an ongoing basis.

  • Collaborate to define IT security standards and develop supporting organizational policies.

  • Maintain IT/InfoSec risk register and communicate risk findings to risk owners and business leaders.

  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.

  • Train and mentor members of the Information Security GRC Team. 


EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE



  • Seven (7) years of relevant work experience required.

  • Bachelor’s degree in Information Security or related field; or equivalent work experience required.

  • Knowledge and experience with state, federal, and international regulations such as California SB-1386, HIPAA, SOC 2, PCI, SOX, and GDPR.

  • Knowledge and experience in information security and privacy laws, access, release of information, and release control technologies.

  • Knowledge and experience in general electronic health information access, release of information, and release control technologies.

  • Ability to analyze the nature and classification of health data and the status of the person or entity requesting the electronic health data. Determine which provisions in HIPAA or security policy apply to the data; determine if other state or federal laws, rules, or regulations are in conflict with the applicable provision of HIPAA or policy; determine if there are court decisions that address the issue; and recommend procedures or processes that reduce or eliminate the conflicts in law and assure compliance with applicable statutes and/or regulations.

  • Senior-level experience with security frameworks such as NIST CSF, HITRUST CSF, FedRAMP, and ISO 27001. Experience with configuration benchmarks such as CIS and DISA STIGs to develop configuration baselines.

  • Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills.

  • Ability to develop and/or modify policies and procedures within the confines of current law and management objectives.

  • ISACA, GIAC or (ISC)2 Certification preferred. 

  • CRISC

  • CEH


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


