To learn more about Arkansas Blue Cross and Blue Shield Hiring Policies, please click here. Arkansas Blue Cross is only seeking applicants for remote positions from the following states: Arkansas, Florida, Georgia, Illinois, Kansas, Louisiana, Minnesota, Mississippi, Oklahoma, South Carolina, Tennessee, Texas, Virginia and Wisconsin. Workforce Scheduling Flex Job Summary The Information Security Analyst is responsible for the operations, administration, and governance of the enterprise security solutions and processes. Requirements EDUCATION High School diploma or equivalent Bachelor’s degree in Business, Computer Science, Management Information Systems, or related field. In lieu of degree, minimum five (5) years' relevant experience will be considered. LICENSING/CERTIFICATION Professional security management certification (Certified Information Systems Security Professional (CISSP)) or other similar credentials desired. EXPERIENCE Minimum three (3) years' experience conducting various system audits and working with external vendors, conducting information security risk assessments and/or experience related to information security, business continuity, or disaster recovery. Knowledge of at least one (1) common information security management framework, such as HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, and/or ITL. System analysis experience preferred. Project management experience preferred. Data testing and/or software application testing preferred. ESSENTIAL SKILLS & ABILITIES Detail-Oriented Critical thinking Strong analytical skills Problem sensitivity Ingenuity Project management skills Excellent communication skills Ability to build collaborative relationships. Skills Analytical, Critical Thinking, Cultivate Relationships, Detail-Oriented, Oral Communication, Project Management, Written Communication Responsibilities Asset Security: Provides guidance and policy expertise for data security, specifically regarding data classification, data storage, data transmission, and data lifecycle. Sets baseline configurations and monitor data governance. Sets policy and enforcement on security standards, such as file permissions, encryption, cloud data security, network assets, endpoint requirements, and others., Communication and Network Security: Provides/supports network monitoring solutions within SOC/SIEM implementation. Handles initial incident response functions. Provides limited consultation to support elements within this domain. Oversees implementation, configuration, maintenance, and changes for all network security capabilities and assets., Identity and Access Management: Provides account security management and control across all account security systems. Manages privileged access management entitlement review/approvals. Conducts usage audits, verify removal and retired accounts, approve launcher requests, and provides end user support. Creates, modifies, deletes, and retires member accounts. Manages role entitlement process. Maintains Workday integration. Manages access management application/system updates and testing., Performs other duties as assigned., Security and Risk Management: Provides guidance to business partners for all information security-related issues and identified security risks. Creates, manages, and enforces information security policy. Provides oversight of framework compliance. Manages enterprise audit remediation and CAP management. Manages vulnerability management plan. Conducts anti-phishing campaigns. Conducts and manages the security awareness and training program. Manages the third party risk management program., Security Architecture and Engineering: Ensures information security is designed with confidentiality, integrity, and access in mind. Sets security requirements. Ensures system redundancy and fault tolerance. Sets standards for mobile and web security. Ensures security of IoT devices., Security Assessment and Testing: Provides requested evidence/artifacts for all security-related assessments/audits. Coordinates and schedule security assessments required of the Enterprise. Coordinates and ensures the quality of outside vendor-provided security assessments, risk assessments, and penetration testing of enterprise assets, Security Operations: Applies information security concepts, techniques, and best practices to support incident response plans and capabilities. Conducts and supports investigations, conducts logging and monitoring activities, securely provisions resources, tests disaster recovery plans, and addresses personnel safety and security concerns., Software Development Security: Provides technical consultation as required. Oversees the static and dynamic scanning of internally developed software within the company and provide reports to ensure proper remediation of code vulnerabilities. Reviews SDLC documentation to ensure compliance with established company and regulatory standards as applicable., This is an all-inclusive responsibility listing for all levels of Information Security Analyst. Incumbent is responsible for: (Role) – Proficiency in three (3) security components: Certifications Certified Information Systems Security Professional (CISSP) - The International Information System Security Certification Consortium (ISC)² Security Requirements This position is identified as level three (3). This position must ensure the security and confidentiality of records and information to prevent substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. The integrity of information must be maintained as outlined in the company Administrative Manual. Segregation of Duties Segregation of duties will be used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. This position must adhere to the segregation of duties guidelines in the Administrative Manual. Employment Type Regular ADA Requirements 2.1 General Office Worker, Semi-Active, Campus Travel - Someone who normally works in an office setting or remotely, periodically has lifting and carrying requirements up to 40 lbs and routinely travels for work within walking distance of location of primary work assignment as essential functions of the job. Arkansas Blue Cross has been named one of central Arkansas’ "Top Work Places" by the Arkansas Democrat-Gazette and has earned a top ranking in the large business category multiple times since 2012. Why? We Love our Employees At Arkansas Blue Cross, we care about the health, wellness, and even education of our employees. We offer many great incentives such as: Tuition reimbursement because we value education. Club Blue, a free, onsite gym to encourage exercise. Green Leaf Grill (onsite cafeteria) to help promote healthy eating. Incentives for wellness education and exercise. We Love the Family Environment The average tenure is 10 years with hundreds of employees having been here 15 years or longer. Truly a family atmosphere. Employees go out of their way to help fellow employees in times of need. We Love our Community At Arkansas Blue Cross, our employees care about their community and work together to help others. Our employees often volunteer at charity walks/runs. If you see a gathering of Blue T-shirts at an event, you are probably seeing our Blue team! Our employees organize fundraising events for a variety of charities. From scheduled casual days, to supply collections, to selling treats for a cause, our employees are always helping others. Whether it is within our state, around the world, or happening to one of our own, when disasters strike, our employees help wherever they are needed. It’s just another way we show that Blue cares.