Blue Cross and Blue Shield of Louisiana • Baton Rouge, LA
5 - 7 years experience • Healthcare IT
Salary depends on experience
We take great strides to ensure our employees have the resources to live well, be healthy, continue learning, develop skills, grow professionally and serve our local communities. We invite you to apply for a career with Blue Cross.
You should know that:
- Jobs are updated and posted daily.
- You must submit your resume online.
- Apply for each position for which you are qualified and in which you are interested.
- You will only be considered for positions for which you apply.
- Resumes are only accepted for posted positions.
- Positions are full-time unless otherwise stated.
- Due to the high volume of applicants, only those most qualified will be contacted.
- We are unable to accept phone calls.
Position purpose is to design, implement, and maintain security controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
NATURE AND SCOPE:
This position reports to the Mgr, IT-Cybersecurity Tech GRC.
ACTIVITIES OF DIRECT REPORTS:
This position does not have any direct reports.
To do this job effectively the incumbent has to be in contact with:
All levels of company personnel, internal and external auditors, vendors, Corporate Budgeting, Corporate Supply Management, Purchasing, Legal, Risk Management, all departments within Information Technology.
Bachelor’s degree in IT, Audit, and/or related fields required. Four years of related work experience can be used in lieu of degree.
Requires 5 years of relevant, specialized experience and highly developed proficiency within multiple disciplines including Governance, Risk, and Compliance.
Requires knowledge of Controls & Mapping, Internal/External Auditing, and Compliance Assessment.
Works under minimal supervision with latitude for independent judgment. Conducts tasks and assignments as directed or independently.
Preferred Certifications: ISSOC, CISSP, CISA, CIA, CRMA, CCSA
Control Design, Implementation, Monitoring, Testing, and Maintenance
Design, implement, and maintain security controls in alignment with the organization’s risk appetite and tolerance levels to support business objectives.
Interview process owners and review process design to gain an understanding of business requirements.
Monitor controls to ensure they remain within tolerances, function effectively and efficiently, and are appropriate.
Provide reports to stakeholders regarding potential or realized changes to the control environment.
Test security controls to verify effectiveness and efficiency.
Facilitate the identification of metrics and key performance indicators to enable the measurement of security controls performance in meeting business objectives.
Assess, recommend, and help operate tools designed to automate control processes.
Provide documentation and training to ensure security controls are effectively performed.
Ensure all controls are assigned control owners and facilitate accountability.
Monitor and maintain security controls to ensure
Serve as liaison to auditors, consultants, and other personnel as needed to ensure organizational compliance with applicable rules, laws, and regulations.
Risk Identification, Assessment, Evaluation, Monitoring, and Response
Assist in the identification, assessment, and evaluation of security risks to the organization.
Participate in the design, implementation, maintenance, and continual evaluation of risk response / mitigation strategies.
Coordinate the development and ongoing maintenance of applicable governance documents.
Ensure all governance documents are compliant with regulatory requirements.
Maintain a schedule of reviews to ensure compliance.