Resp & Qualifications
Under the supervision of the Manager, Information Security, the incumbent’s accountabilities include, but are not limited to, the following:
1. Build and implement systems security plans.
- Gather the information necessary to conduct risk assessments, impact analysis and validation on information systems.
- Review systems to identify risks, recommend mitigation strategy, monitor changes, and document success.
- Assist in identifying and prioritizing risks, and maintain a risk registry for presenting those risks to leadership.
- Utilize the eGRC tool to house risk information and to assist in risk management. Develop and fine-tune processes surrounding the tool.
- Develop and revise Standard Operating Procedures and security practices documentation.
- Provide appropriate training to other security specialists and external customers on developed standards, procedures and guidelines
- Represent Information Security in disaster recovery procedures and exercises.
- Test and report on new technologies, and report security concerns through the creation of security vulnerability assessments.
- Serve as senior technical information security coordinator/project lead and as a contributor to cross-functional teams for deployment and support of security-specific infrastructure to provide information security to the enterprise.
- Provide support and guidance to a team of technically diverse junior-level security specialists.
- Design, implement, and integrate security solutions to address enterprise risks and exposures.
- Design and implement security solutions to monitor the efficiency and effectiveness of security operations, controls and infrastructure.
- Perform security governance through the design and implementation of security policies, procedures, guidelines and standards to maintain the confidentiality, integrity and availability of information systems and data.
2. Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
- Certification and Accreditation
- Provide data protection (using technologies such as whole disk encryption, end-to-end e-mail security, public and private key management, data leakage prevention, web applications and source code security, database security, etc.)
- Network devices and infrastructure, desktop/mobile devices and remote access to the network.
- Information assurance to ensure data is managed based on its sensitivity.
- Information governance through information security policies, guidelines, and standards
- Provide general support to the Information Security department in carrying out its assigned functions and responsibilities.
- Provide off-hours support and problem resolution as directed by departmental requirements, service level agreements and internal support procedures.
- Aid with audit issues and concerns affecting the Information Security department.
- Interact with other teams to develop tactical and strategic programs to address processes, controls, organization and infrastructure to manage information security related concerns and satisfy directives.
3. Properly interpret business and technical requirements into security solutions and designs that are consistent with the current information security architecture.
Required: College Degree in an Information Security or Technology related field or equivalent experience plus 3 - 6 years related work experience. The incumbent will possess a high level of expertise in information security concepts, information security policies and system architecture concepts and have experience in process definition, workflow design, and process mapping. Must have conceptual knowledge of vulnerability assessments, privacy assessments, incident response, security policy creation, enterprise security strategies, and governance. The incumbent must also have an ability to quickly and effectively learn Information Security tools in a large, complex multi-platform environment.
- Ability to identify and resolve complex issues and develop security solutions to meet CareFirst’s business and technology goals.
- Strong written documentation skills and technical writing are required.
- Excellent presentation and verbal communication skills.
- Ability to effectively complete tasks with a minimal level of supervision.
- Strong computer skills, including knowledge of Microsoft Windows, various e-mail systems (Lotus Notes, Microsoft Exchange) and unified communication systems (Office Communication Server).
- Possess broad understanding of the following systems/skill sets:
System hardening concepts and techniques:
- Network and remote access controls
- Unix, Linux, Web application servers (WebSphere, Apache)
- Virtualization technologies (VMware, VLANs, Hypervisors)
- Encryption technologies and key management
- Web application servers
- F5 LTMs / ASMs
- Web application and IP firewalls
- Familiarity with access control methodologies (MAC, DAC, RBAC)
- Relevant certifications: CISSP, CASP, CISM, CISA, CAP
- Ability to understand and apply appropriate policies and procedures.
- Familiarity with security tools such as wireless and network scanning applications, vulnerability assessment applications and concepts, IDS/IPS and other appropriate security related tools and capabilities.
- Experience working with Information Security tools in a large, complex, multi-platform environment.
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Hire Range Disclaimer
Actual salary will be based on relevant job experience and work history.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Please apply before: 5/31/2019
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship