• Senior Tech Risk Analyst

    Blue Cross and Blue Shield of Louisiana, Baton Rouge, LA 70806

    Job #1205118277

  • We take great strides to ensure our employees have the resources to live well, be healthy, continue learning, develop skills, grow professionally and serve our local communities. We invite you to apply for a career with Blue Cross.

    You should know that:
    + Jobs are updated and posted daily.
    + You must submit your resume online.
    + Apply for each position for which you are qualified and in which you are interested.
    + You will only be considered for positions for which you apply.
    + Resumes are only accepted for posted positions.
    + Positions are full-time unless otherwise stated.
    + Due to the high volume of applicants, only those most qualified will be contacted.
    + We are unable to accept phone calls.

    POSITION PURPOSE:
    Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems meet the organization's cybersecurity and risk requirements. Assumes responsibility for operating information systems at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation). Conducts independent comprehensive assessments of the risk mitigation activities employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the risk management program.

    NATURE AND SCOPE:
    This position reports to the Mgr, IT-Cybersecurity Tech GRC.

    ACTIVITIES OF DIRECT REPORTS:
    This position does not have any direct reports.

    NECESSARY CONTACTS:
    To do this job effectively the incumbent has to be in contact with: all levels of company personnel, internal and external auditors, vendors, Corporate Budgeting, Corporate Supply Management, Purchasing, Legal, Risk Management, and all departments within Information Technology.

    QUALIFICATIONS:
    Bachelor's degree in IT, Audit, and/or related fields required. Four years of related work experience can be used in lieu of degree.
    Requires 4 years of relevant, specialized experience and highly developed proficiency within multiple disciplines including Governance, Risk, and Compliance.
    Must have demonstrated knowledge of Risk Management Framework (RMF) requirements and risk management processes (e.g., methods for assessing and mitigating risk).
    Must be able to comprehend the organization's risk tolerance and/or risk management approach.
    Knowledge of technical delivery capabilities and their limitations.
    Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
    Must have working knowledge of the following areas:
    + Computer networking concepts and protocols, and network security methodologies
    + Risk management processes (e.g., methods for assessing and mitigating risk)
    + National and international laws, regulations, policies, and ethics as they relate to cybersecurity
    + Cybersecurity principles and cyber threats and vulnerabilities
    + Specific operational impacts of cybersecurity lapses
    + Cyber defense and vulnerability assessment tools, including open source tools, and their capabilities
    + The Security Assessment and Authorization process
    + Cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data
    + Cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
    + Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
    + Current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities
    + Information technology (IT) risk management policies, requirements, and procedures
    + Risk management and mitigation strategies

    General Governance, Risk, and Compliance (GRC) Support
    + Provide overall support to all Technology GRC team efforts.
    + Participate in the development and implementation of a Technology Risk Management program.
    + Assist in developing, testing, and delivering solutions, support, reporting, information, and relationship management to satisfy client requests.
    + Act as a liaison between clients and others inside or outside of BCBSLA to facilitate solutions, information sharing, and effective communication.

    ACCOUNTABILITIES AND ESSENTIAL FUNCTIONS:
    + Conduct Risk Assessments (RAs) and review security designs for the appropriate security controls, mitigation, or other appropriate response
    + Develop methods to monitor and measure risk
    + Develop specifications to ensure risk levels conform with security requirements
    + Draft statements of preliminary or residual security risks for systems
    + Maintain information systems assurance materials
    + Perform security reviews, identify gaps in security architecture, and develop a security risk management plan
    + Provide enterprise cybersecurity risk management guidance for development of the Continuity of Operations Plans
    + Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials)
    + Participate in the acquisition process as necessary, following appropriate risk management practices
    + Implement Risk Management Framework (RMF)/Security Assessment and Authorization (SA&A) requirements for dedicated cyber defense systems within the enterprise and document and maintain records for them
    + Provide enterprise cybersecurity risk management guidance
    + Draft and publish risk management documents, policies, and other governance products
    + Develop and coordinate a risk management and compliance framework
    + Collaborate with key stakeholders to establish a cybersecurity risk management program

    _The physical demands described here are representative of those that must be met by an employee to successfully perform the accountabilities (essential functions) of the job. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential functions._
    • Job duties are performed in a normal and clean office environment with normal noise levels.
    • Work is predominately done while standing or sitting.
    • The ability to comprehend, document, calculate, visualize, and analyze is required.

    An Equal Opportunity Employer

    All BCBSLA EMPLOYEES please apply through Workday Careers.

    PLEASE USE A WEB BROWSER OTHER THAN INTERNET EXPLORER IF YOU ENCOUNTER ISSUES (CHROME, FIREFOX, SAFARI)