Develops and maintains the Information Assurance asset inventory and classification. Plans, organizes, schedules and conducts risk assessments in accordance with industry standards and guidelines and in line with organizational mission, goals, and objectives. Designs, develops and maintains the risk management plan, including risk prioritization. Leads implementation of the risk management plan, including new practice development and change management of existing practices. Leads monitoring of practices for compliance and maturity, and identifies and implements improvement opportunities. Identifies, designs, develops and conducts change management on documentation assets, including audit controls and narratives, policies, processes, procedures, reference and training material. Implements the framework and technology used to organize, integrate, and retrieve content related to controls, policies, processes, procedures, reference and training material. Delivers regular reports to senior management on compliance health and maturity.
Accountable for complying with all laws and regulations that are associated with assigned duties and responsibilities.
NATURE AND SCOPE:
This position reports to Manager, IT.
ACTIVITIES OF DIRECT REPORTS:
This position has no direct reports.
Members of all client and partnering organizations including staff, subject matter experts, and management.
External auditors, vendors, industry associations, and peer organizations.
Bachelor's Degree in Computer Science, Business Administration, or related field is required. Four years of related experience above the minimum requirements may be accepted in lieu of degree.
Information Systems Audit, Control or Risk Certification preferred (e.g. CISA, CRISC).
Five years’ experience in a technical position such as business systems analysis, business process design/re-design, systems design, systems/infrastructure and/or applications administration, systems/infrastructure and/or applications support, or technical program/project management is required.
In-depth knowledge of at least one of the following areas: Technology Related Risk Management, Governance (Policy, Process, Procedures development and deployment), Compliance, Information Security, Information Technology Infrastructure, Applications Development and Support, or Financial Management.
Working knowledge of Information Technology hardware and/or software is required.
Experience in leveraging best practice frameworks such as COBIT, ITIL, ISO, NIST, and PMI to define and implement policy, process, and/or procedures is preferred.
Working knowledge of process improvement methodologies and experience in applying these methodologies during process improvement efforts.
Experience in defining, developing and monitoring metrics is preferred.
Experience in gathering, documenting, and analyzing business requirements and developing solution options to meet business needs.
Must have demonstrated ability to plan, schedule, identify & communicate with stakeholders, implement, and report status on assigned work efforts.
Experience in developing end user documentation and training, and presenting to small groups in a training setting is preferred.
Must have general understanding of a wide variety of technologies that can be leveraged to solve business problems.
Excellent written and verbal communication and negotiation skills in order to interact with peers, management and executives on execution of job duties.
Has demonstrated creativity in assignments and leadership in field of specialization.
Experience in content management/configuration within SharePoint preferred.
Experience in using social network technologies to influence end-user behavior and compliance with policies and procedures preferred.
Must have demonstrated ability in performing the following:
Planning and executing job duties under general direction.
Working with peers, customer peers, members of management and vendors regularly to define and resolve problems and issues.
Weighing industry standards against organizational mission, goals and objectives when analyzing risks and developing risk management plans; presenting alternatives to management using weighted data and information.
Providing input to software buying decisions.
Significantly contributing to development of control documentation strategy, framework and technical solution.
Providing advice to management, recommending approaches and solutions to complex problems.
ANALYTICAL & CREATIVE:
Requires the highest degree of analysis, innovation and creativity.
Considered an expert in Technology Related Risk Management, Governance (Policy, Process, Procedures development & deployment), Compliance, Information Security, Information Technology Infrastructure, Applications Development & Support, or Financial Management.
Participates as the key advisor in project(s) and team(s) development activities.
Keeps technically current with changes and improvements within area of assignment or specialization, incorporating them where applicable.
Contributes to the development of new analysis concepts, technological solutions and improvement of existing techniques.
Information Assurance Asset Management
Under general direction, responsible for the development of information asset classifications, leveraging industry standards and guidelines, compliance requirements and best practices. Responsible for creating and maintaining functional, accessible IA asset inventory of those assets the organization wishes to protect.
Risk Assessment & Risk Management
Under general direction, responsible for planning, organizing, scheduling and conducting risk assessments in accordance with industry standards and guidelines and in line with organizational mission, goals, and objectives. Designs, develops & maintains risk management plan including risk prioritizations. Presents risk assessment results and risk management plan and prioritization to subject matter experts and management. Leads the implementation of the risk management plan including scheduling, identification, resource acquisition and collaboration with essential resources to meet objectives. Provides regular schedule and status updates and presentations related to execution of and modifications of risk management plan.
Control & Practice Support
Under general direction, responsible for gathering and assessing business requirements from internal and external clients related to current practices. Responsible for developing, testing and delivering solutions, support, reporting, information and relationship management to satisfy client requests. Acts as liaison between clients and others inside or outside the organization to facilitate solutions, information sharing and understanding.
Practice Development & Change Management
Under general direction, responsible for assessing the impact of new practices and controls and of changes to existing ones. Based on the impact assessment and priority, responsible for developing and executing a timely new development or change management plan, utilizing resources efficiently and effectively. The plan shall include the following: a communications plan, a training plan, an integration plan, a documentation plan, and new or changed monitoring and reporting tools and processes. Periodically reports status of plan execution to management. Communicates with impacted end users and organizational units to ensure awareness of the new practice or change. Provides support to end users in understanding and complying with new and/or modified practices.
Control & Practice Compliance Monitoring & Support
Under general direction, responsible for design, development and implementation of monitoring tools, processes and reporting on control and practice compliance. Establishes baseline compliance metrics and means for measuring improvements. Monitors and reports change in level of compliance. Provides user education, including the design, development and delivery of reference material and/or training to educate end users and promote compliance. Provides proactive and reactive subject matter expertise on controls and practices. Conducts ongoing assessment of practices for effectiveness, efficiency, relevance, and ability to meet compliance requirements to determine need and timeline for practice improvements.
Under general direction, responsible for identifying, designing, developing and conducting change management on documentation assets, including audit controls and narratives, policies, processes, procedures, reference and training material, and reporting. Provides guidance and expertise in the selection, implementation and maintenance of the documentation framework and technology to promote usefulness and usability. Works in a consultative manner with client subject matter experts, management and senior management to identify, develop, document, test, obtain approval for and implement new documentation assets and changes to existing ones.
Internal and External Audits and Audit Controls and Narratives
Under general direction, provides a single point of contact for internal and external audits and for the content of audit narratives. Consults with Internal Corporate Audit, external auditors, subject matter experts and management regarding the scheduling, execution and communication of audit schedules and status. Maintains oversight of audits in progress. Provides timely advice and guidance during audit execution. Responsible for audit control and narrative language, working in a consultative manner with staff, subject matter experts, management and senior management, Internal Corporate Audit and external auditors to identify, develop, document, and test control activity language describing practices and processes.
Understands IT Departmental Goals and Objectives and delivers work products to contribute to those goals.
Contact – Terri Kolb, 225.298.7960
BCBSLA Technology Governance, Risk and Compliance