Asian Careers

Excellus Health Plan Inc.


Cyber Risk & Information Assurance Specialist I (Finance)



Job Description:

Summary:

The Cyber Risk & Information Assurance Specialist develops, maintains, and coordinates the Organization's information security activities in support of the Lifetime Healthcare Companies' information security program. The specialist serves as a subject matter expert across corporate third-party services and dependencies, providing consultative insight and risk reduction recommendations to business units relying on third parties in their operation. This position is accountable and responsible for providing expert risk analysis and information to business and risk management leadership, maintaining and managing a global, enterprise-wide Risk Management program. The role includes implementation and maintenance of policies, as well as a comprehensive controls framework with global risk management. This position also provides technical information security risk management and compliance services and support to the Organization's lines of business and further provides information security consulting and support to all levels of the Organization's management in support of the information security program.

Essential Accountabilities:

Level I

• Designs, implements, and coordinates the operations of organization-wide cyber risk and information assurance infrastructures. Evaluates and proposes new security or risk solutions and advises and consults with the security manager and various levels of management regarding protection of computing resources, data quality, integrated risk management and information assets.

• Functions as platform administrator for enterprise technologies such as the Integrated Risk Management platform, including workflows and alignment to integrated risk management methodology and taxonomy.

• Maintains operational support for enterprise Integrated Risk Management platform technologies.

• Maintains risk management documentation to monitor risk lifecycle progress, track acceptance decisions, and catalog remediation actions. Utilizes automated Governance, Risk, and Compliance tools to track artifacts of the risk management lifecycle. Consults with information systems owners to categorize systems; select, implement, and assess controls; and frame, assess and monitor risk.

• Enforces information security policies, standards, and procedures by administering and monitoring security reports; investigates possible security exceptions.

• Assists in the execution of HIPAA, MAR, PCI, and COBIT compliance activities.

• Integrates cyber and risk tools and appropriate controls into new and existing systems and applications.

• Assists in department self-audits, internal audits, external audit reviews, and risk assessments for the division and for end user departments.

• Participates in advanced security assessments of our suppliers and vendors and develops recommendations to improve security and mitigate security risks.

• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies' mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.

• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.

• Regular and reliable attendance is expected and required.

• Performs other functions as assigned by management.

Level II (in addition to Level I Accountabilities)

• Performs as the Subject Matter Expert for at least one information security technology, processes, and practices internally to the Health Plan - including making recommendations relating to this technology.

• Provides technical expertise and support to security administrators on distributed systems security and implements automated solutions for security administration requests.

• Provides consultation and facilitation support services to the Organization and its subsidiaries in information security matters and ensures compliance with the Organization's information security policies and standards.

• Integrates security tools and appropriate controls into new systems and applications.

• Acts as a security consultant for the Organization's IT platforms, databases, middleware, and messaging systems (with oversight from a more senior analyst).

• Performs as the Subject Matter Expert for at least two information security technologies, processes, and practices internally to Health Plan.

• Designs, develops, integrates, tests, evaluates, and maintains cybersecurity technology products.

• Researches, designs and integrates new security solutions with an emphasis on solutions that align with overall cybersecurity strategy.

• Performs cyber defense incident triage, including determining scope, urgency, and potential impact, and identifying the specific vulnerability.

• Provides security consulting to business partners to ensure solution designs are aligned with security principles and cybersecurity frameworks.

• Acts as team leader amongst the group of specialists, training and providing technical support to system administrators and peers as needed.

Minimum Qualifications:

NOTE: We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities.

All Levels

• Five (5) years of work experience in IT security controls, security technology, cyber or data policy, risk practices, data governance or related field.

• Bachelor's degree in Computer Science, Information Technology, or relevant field. In lieu of degree, six (6) years of related experience required in IT technical or security controls, security technology, policy, risk practices, access management or related field.

• Advanced knowledge in data assurance, data management, or similar role.

• Advanced knowledge of various information security regulations, frameworks, and/or industry standards such as but not limited to:

o Regulation: HIPAA/HITECH, GLBA/FFIEC Examination Handbook, NAIC MAR/SOX, NYS DFS Cybersecurity Regulations

o Framework: COSO, COBIT, NIST Cybersecurity Framework (CSF)

o Industry Standard: PCI/DSS, NIST SP 800-53/30, SSAE 18, ISO, HITRUST

• Basic knowledge of a minimum of one concept and/or tool listed below:

o Encryption

o PKI

o Network and application security, and related firewalls (Palo Alto Networks, Imperva, etc.)

o AD, LDAP, and various authentication implementations

o Common web application security vulnerabilities (e.g., OWASP top ten)

• At least one information security certification preferred such as but not limited to:

o Security+

o CISSP

o CISM

o CISA

o CDPSE

o CGEIT

o CDMP

o GSEC

o CRISC

• Excellent communications skills with the ability to present clear and concise information to all levels and technical abilities.

• Excellent organization and multi-tasking skills.

Level II (in addition to Level I Qualifications)

• Eight (8) years of related work experience in IT security controls, security technology, cyber or data policy, risk practices, data governance or related field.

• Advanced knowledge of a minimum of five (5) concepts listed above (under Level I).

• Two (2) or more certifications listed under Level I required.

• Experience providing work direction for one or more individuals' specific projects and initiatives.

• Experience providing guidance and mentorship to more junior team members.

• Knowledge of Security Frameworks and translating aspects into enhancing security postures.

Physical Requirements:

• Ability to work prolonged periods sitting and/or standing at a workstation and working on a computer.

• Ability to travel across the Health Plan service region for meetings and/or trainings as needed.

• Ability to work in a home office for continuous periods of time for business continuity.

************

One Mission. One Vision. One I.D.E.A. One you.

Together we can create a better I.D.E.A. for our communities.

At the Lifetime Healthcare Companies, we're on a mission to make our communities healthier, and we can't do it without you. We know diversity helps fuel our mission and that's why we approach our work from an I.D.E.A. mindset (Inclusion, Diversity, Equity, and Access). By activating our employees' experiences, skills, and perspectives, we take action toward greater health equity.

We aspire to reflect the communities we live in and serve, and strongly encourage people of color, LGBTQ+ people, people with disabilities, veterans, and other underrepresented groups to apply.

OUR COMPANY CULTURE:

Employees are united by our Lifetime Way Values & Behaviors that include compassion, pride, excellence, innovation and having fun! We aim to be an employer of choice by valuing workforce diversity, innovative thinking, employee development, and by offering competitive compensation and benefits.

In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.

Equal Opportunity Employer

Compensation Range(s):

Minimum: $87,766 - Maximum: $157,978

The salary range indicated in this posting represents the minimum and maximum of the salary range for this position. Actual salary will vary depending on factors including, but not limited to, budget available, prior experience, knowledge, skill and education as they relate to the position's minimum qualifications, in addition to internal equity. The posted salary range reflects just one component of our total rewards package. Other components of the total rewards package may include participation in group health and/or dental insurance, retirement plan, wellness program, paid time away from work, and paid holidays.

Please note: There may be opportunity for remote work within all jobs posted by the Excellus Talent Acquisition team. This decision is made on a case-by-case basis.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

© 2025 Asian Careers