Information Security & Risk Analyst, Senior II- Team Lead

DMBA provides a variety of benefits including health, life, and retirement to employees of the Church of Jesus Christ of Latter-day Saints and its affiliates. DMBA began operations in 1970 and is now in its 55th year of supporting the Church of Jesus Christ of Latter-day Saints and its mission.

Position Summary:

DMBA is looking for an Information Security & Risk Team Lead to join the Information Security Team. The Information Security Team reports to the Chief Technology Officer and is responsible for the Information security program. This role will lead a team of security professionals to ensure the organization maintains a robust security posture, aligns with industry regulations (HIPAA, SOC 2, NIST CSF, ISO 27001, HITRUST), and achieves/maintains industry certifications. The ideal candidate will combine hands-on expertise in risk management and compliance with leadership skills to drive security maturity across the enterprise.

Responsibilities:

• Lead the development, implementation, and maintenance of information security policies, standards, and procedures
• Manage the risk assessment and risk treatment process including maintaining the enterprise risk register
• Ensure alignment with regulatory and industry requirements (HITRUST, HIPAA, HITECH, SOC 2, NIST CSF/800-53, ISO 27001)
• Partner with business units to ensure security and risk considerations are embedded in projects and operations
• Leverage a wide range of technologies to help identify, track, and respond to risk
• Manage and improve the third-party risk management program to control supply chain risk
• Manage the development and implementation of security awareness content and training based on company needs and current and emerging threats
• Provide onboarding training for hired employees and vendors
• Assist with incident and compliance investigations and support incident documentation and reporting
• Partner with IT and business teams on security reviews and adhoc client requests
• Help develop, implement, maintain, and improve policies and procedures consistent with regulatory and business requirements
• Ensure new architecture and business practices meet compliance requirements
• Manage external IT and Information security audits and drive audit findings to closure
• Document and implement control testing procedures in alignment with information security management framework
• Be an active participant in building the Information security program by evaluating and suggesting new solutions and ideas

Qualifications and Experience:

• 4-year Bachelor's degree or Master's degree(preferred)
• 6-10 years of information security audit or compliance experience
• Strong understanding of information security best practices and security frameworks (NIST CSF, ISO 27001, ISO27005, CIS Controls, HITRUST, etc.)
• Knowledge of databases, common operating systems (Windows/Linux), and networking
• CISA, CRISC, CISM, CISSP, CIA, or equivalent information security and audit understanding
• Experience with HIPAA, DOL Information security best practices, international, federal, and state privacy laws
• Knowledge of common security solutions (Firewall, WAF, Vulnerability Scanning, XDR, etc.)
• Fundamental cloud security understanding (Azure and AWS)
• Experience with multi-year control framework implementations

Other Qualifications:

• Ability to work with various IT and Business teams to address sensitive topics and risk
• Strong management and business communication skills
• Expertise in project management and prioritization
• Highly motivated team player with a desire to improve the information security program
• Work in a hybrid remote work and office work environment

What We Offer:

• Competitive pay
• Rich medical, vision and dental benefits with low premiums. One of the top health plans in Utah
• Rich retirement planning: including 401(k) company match, 8% EDRC Employer Discretionary Retirement Contribution (we just give you free money for retirement), life insurance, and full service Financial Planners onsite at no cost
• Generous paid leave plan that starts accruing your first day, your birthday off, additional sick leave and 12 paid holidays
• Award winning wellness program with health coaching, ability to earn 3 additional days off a year, fun activities and an onsite gym.
• Tuition reimbursement
• Career development through company sponsored programs and over 5000 on-demand online training courses.
• Hybrid work schedules available depending on position
• Employee Assistance Program