To learn more about Arkansas Blue Cross and Blue Shield Hiring Policies, please click here. Workforce Scheduling Flex Job Summary The Information Security Analyst is responsible for the operations, administration, and governance of the enterprise security solutions and processes. Requirements Education & Experience: 1. Bachelor’s degree in Business, Computer Science, Management Information Systems, or related field. In lieu of degree, at least five (5) years of equivalent experience. 2. Five (5) years of IT security experience with a complex system technology. 3. Advance knowledge of at least one (1) common information security management framework, such as HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, and/or ITL. 4. Professional security management certification, such as a HITRUST certification (CCSFP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials preferred. Preferred Skills: 1. System analysis experience 2. Project management experience 3. Data testing and/or software application testing Specialized Knowledge & Skills • Detail oriented • Critical thinking • Strong analytical skills • Problem sensitivity • Ingenuity • Project management skills • Excellent communication skills • Ability to build collaborative relationships • Attention to detail Skills Analytical, Critical Thinking, Cultivate Relationships, Detail-Oriented, Oral Communication, Project Management, Written Communication Responsibilities Asset Security: Provides guidance and policy expertise for data security, specifically regarding data classification, data storage, data transmission, and data lifecycle. Sets baseline configurations and monitors data governance. Sets policy and enforcement on security standards, such as file permissions, encryption, cloud data security, network assets, endpoint requirements, and others., Communications and Network Security: Provides/supports network monitoring solutions within SOC/SIEM implementation. Handles initial incident response functions. Provides limited consultation to support elements within this domain. Oversees implementation, configuration, maintenance, and changes for all network security capabilities and assets., Identity and Access Management: Provides account security management and control across all account security systems. Manages privileged access management entitlement review/approvals. Conducts usage audits, verifies removal and retired accounts, approves launcher requests, and provides end user support. Creates, modifies, deletes, and retires member accounts. Manages role entitlement process. Maintains Workday integration. Manages access management application/system updates and testing., Peforms other duties as assigned., Security & Risk Management: Provides guidance to business partners for all information security-related issues and identified security risks. Creates, manages, and enforces information security policy. Provides oversight of framework compliance. Manages enterprise audit remediation and CAP management. Manages vulnerability management plan. Conducts anti-phishing campaigns. Conducts and manages the security awareness and training program. Manages the third party risk management program., Security Architecture and Engineering: Ensures information security is designed with confidentiality, integrity, and access in mind. Sets security requirements. Ensures system redundancy and fault tolerance. Sets standards for mobile and web security. Ensures security of IoT devices., Security Assessment and Testing: Provides requested evidence/artifacts for all security-related assessments/audits. Coordinates and schedules security assessments required of the Enterprise. Coordinates and ensures the quality of outside vendor-provided security assessments, risk assessments, and penetration testing of enterprise assets, Security Operations: Applies information security concepts, techniques, and best practices to support incident response plans and capabilities. Conductsand supports investigations, conducts logging and monitoring activities, securely provisions resources, tests disaster recovery plans, and addresses personnel safety and security concerns., Software Development Security: Provides technical consultation as required. Oversees the static and dynamic scanning of internally developed software within the company and provides reports to ensure proper remediation of code vulnerabilities. Reviews SDLC documentation to ensure compliance with established company and regulatory standards as applicable., This is an all-inclusive responsibility listing for all levels of Information Security Analyst. Incumbent is responsible for: Senior – Proficiency in five (5) security components: Certifications Certified Information Security Manager (CISM) - Information Systems Audit and Control Association (ISACA), Certified Information Systems Auditor (CISA) - Information Systems Audit and Control Association (ISACA), Certified Information System Security Professional (CISSP) - Information Systems Audit and Control Association (ISACA) Security Requirements This position is identified as level three (3). This position must ensure the security and confidentiality of records and information to prevent substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. The integrity of information must be maintained as outlined in the company Administrative Manual. Segregation of Duties Segregation of duties will be used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. This position must adhere to the segregation of duties guidelines in the Administrative Manual. Employment Type Regular ADA Requirements 2.1 General Office Worker, Semi-Active, Campus Travel - Someone who normally works in an office setting, periodically has lifting and carrying requirements up to 40 lbs and routinely travels for work within walking distance of location of primary work assignment as essential functions of the job Arkansas Blue Cross has been named one of central Arkansas’ "Top Work Places" by the Arkansas Democrat-Gazette and has earned a top ranking in the large business category multiple times since 2012. Why? We Love our Employees At Arkansas Blue Cross, we care about the health, wellness, and even education of our employees. We offer many great incentives such as: Tuition reimbursement because we value education. Club Blue, a free, onsite gym to encourage exercise. Green Leaf Grill (onsite cafeteria) to help promote healthy eating. Incentives for wellness education and exercise. We Love the Family Environment The average tenure is 10 years with hundreds of employees having been here 15 years or longer. Truly a family atmosphere. Employees go out of their way to help fellow employees in times of need. We Love our Community At Arkansas Blue Cross, our employees care about their community and work together to help others. Our employees often volunteer at charity walks/runs. If you see a gathering of Blue T-shirts at an event, you are probably seeing our Blue team! Our employees organize fundraising events for a variety of charities. From scheduled casual days, to supply collections, to selling treats for a cause, our employees are always helping others. Whether it is within our state, around the world, or happening to one of our own, when disasters strike, our employees help wherever they are needed. It’s just another way we show that Blue cares.