IS Security Risk Analyst III

Title: IS Security Risk Analyst III

Location: Columbia, SC 29219 -- HYBRID

Duration: 50 Weeks CONTRACT role

Client: BCBS

Pay Rate: $40.00 - $53.00/hour on W2.

Job description:

Job Title: IS Security Risk Analyst III

Position Notes:

Required Education: Bachelor’s degree in computer science, Information Technology, or related degree.

Required Degree Equivalency: 4 years of job-related work experience or 2 years of job-related experience plus an associate’s degree in computer science, Information Technology, or other job-related degree

Required Work Experience: 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance experience. Successful completion of BCBSSC I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.

Partial Onsite: Tuesday, Wednesday, thursday onsite and as needed

C2 eligibility is required

Duties:

• Plan and perform compliance and risk assessment activities for information systems and related processes. Communicate and escalate compliance and risk issues to the appropriate department and/or level of management. Act as a change agent to influence the I/S and corporate compliance culture.
• 20% Independently monitor remediation of new and outstanding issues, including Information Security Risk Exception process, to ensure identification of areas of non-compliance. Utilize tools to track and report on compliance posture.
• 20% Independently conduct formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks.
• 20% Facilitate development, implementation and documentation of Information Security policies, procedures, processes, and programs to guide organization toward continuous compliance. Independently analyze and interpret security regulations and controls to advise on security compliance at a broad perspective across multiple business areas. Consult on organizational impacts of compliance and risk management decisions.
• 20% Serve as an interface with external entities for governance and compliance reviews regarding information security risk across multiple business areas and controls.
• 10% Independently investigate, document, and resolve Information Security Incidents. Advise senior management of critical issues that may affect organization.
• 10% Research emerging security topics, threats, and capabilities to create/update policy and governance. Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards, and best practices.
• Required Skills and Abilities: Good understanding of Systems Development Life Cycle methodologies. Subject Matter Expert in government or private risk frameworks and control implementations. Good understanding of risk management, information system security and compliance standards. Excellent analytical and decision-making skills. Proven ability to interpret and apply knowledge of regulatory/accreditation requirements. Ability to independently solve problems often spanning multiple environments and business areas. Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence. Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols. Strong communication skills in presenting results both verbally and in writing. Possess excellent collaboration skills with a wide variety of internal matrix and management staff.
• Required Software and Other Tools: Standard office equipment.
• Work Environment: Fast paced, multi-platformed environment which may require action and response 24X7 to support the technical business needs of the customer.
• Required Education: Bachelor’s degree in computer science, Information Technology, or related degree.
• Required Degree Equivalency: 4 years of job-related work experience or 2 years of job-related experience plus an associate’s degree in Computer Science, Information Technology or other job-related degree
• Required Work Experience: 6 years of I/T experience including 4 years of IT security, risk assessment and/or compliance experience. Successful completion of BCBSSC I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.

CANDIDATE TECHNICAL BACKGROUND:

• Experience with NIST, FISMA, COBIT, SSAE16, PCI, SOX, HIPAA, or other regulatory requirements.
• Experience working on Security Management Plan
• Experience with working on vulnerability matrices -- Experience with the scanning and remediation of I/S assets using automated tools is beneficial (i.e. Nessus, AppDetective, Vanguard, etc.).
• Knowledge of technical security controls from NIST, DISA, USGCB, etc. compliance domains across multiple platforms.
• Deep understanding of security risk exposures and how vulnerabilities can be translated into business risk that leadership understands.
• Advanced knowledge on security risk assessment execution.
• Expert level knowledge on risk mitigation strategies.
• Excel expert with the ability to analyze, trend and forecast from high volumes of compliance data.
• Proficient with MS Word.

PREFERRED / HIGHLY DESIRED BACKGROUND:

• Experience with compliance programs within a government agency (i.e., Medicare, Tricare) is preferred.
• Direct experience with NIST 800-53 security frameworks.
• Any experience with Visio or PowerPoint a plus.
• Any experience with DoD, DIARMF or FedRamp program are a plus.
• SQL experience a plus.

Pay Rate & Benefits:

• This is the pay range that Magnit reasonably expects to pay someone for this position is $40/hour - $53/hour.
• Benefits: Medical, Dental, Vision, 401K (provided minimum eligibility hours are met).

QUALIFICATION/ LICENSURE :

Work Authorization : US Citizen

Preferred years of experience : 1 Years

Travel Required : No travel required

Shift timings: Not specified