Information Security Operations Analyst Lead – Arkansas Blue Cross and Blue Shield – Little Rock, AR

The Lead Information Security Analyst is responsible for a variety of security functions within the Enterprise Information Security Office (EIS) to include providing Rotational Security Incident Response to conducting regular security audits and provide feedback and presentations to executives on those audits. Additionally, this individual will become instrumental in working with other members of the EIS team with ensuring identified security corrective actions are assigned and resolved accurately and on time. The Lead Information Security Analyst will review and research security requirements and compliance requests from vendors, as well as review contracts requiring security input and validation. Additionally, the Information Security Analyst will assist members of the EIS team in responding to data incidents and coordinate with IS&T resources to research incidents.

Education & Experience:

1. Bachelor’s degree in Business, Computer Science, Management Information Systems, or related field. In lieu of degree, at least five (5) years of equivalent experience.

2. Seven (7) years of IT security experience with a complex system technology.

3. Expert knowledge of at least two (2) common information security management framework, such as HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, and/or ITL.

4. Professional security management certification, such as a HITRUST certification (CCSFP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials required.

5. Project management experience.

Preferred Skills:

1. System analysis experience

2. Data testing and/or software application testing

Specialized Knowledge & Skills

  • Detail oriented
  • Critical thinking
  • Strong analytical skills
  • Problem sensitivity
  • Ingenuity
  • Project management skills
  • Excellent communication skills
  • Ability to build collaborative relationships
  • Attention to detail

This position may involve remote or hybrid work. Minimum internet connection speeds are required for remote or hybrid work.

Analytical, Critical Thinking, Cultivate Relationships, Detail-Oriented, Oral Communication, Project Management, Written Communication
Asset Security: Provides guidance and policy expertise for data security, specifically regarding data classification, data storage, data transmission, and data lifecycle. Sets baseline configurations and monitor data governance. Sets policy and enforcement on security standards, such as file permissions, encryption, cloud data security, network assets, endpoint requirements, and others., Communications and Network Security: Provides/supports network monitoring solutions within SOC/SIEM implementation. Handles initial incident response functions. Provides limited consultation to support elements within this domain. Oversees implementation, configuration, maintenance, and changes for all network security capabilities and assets., Identity and Access Management: Provides account security management and controls across all account security systems. Manages privileged access management entitlement review/approvals. Conducts usage audits, verifies removal and retired accounts, approves launcher requests, and provides end user support. Creates, modifies, deletes, and retires member accounts. Manages role entitlement process. Maintains Workday integration. Manages access management application/system updates and testing., Performs other duties as assigned., Security & Risk Management: Provides guidance to business partners for all information security-related issues and identified security risks. Creates, manages, and enforces information security policy. Provides oversight of framework compliance. Manages enterprise audit remediation and CAP management. Manages vulnerability management plan. Conducts anti-phishing campaigns. Conducts and manages the security awareness and training program. Manages the third party risk management program., Security Architecture and Engineering: Ensures information security is designed with confidentiality, integrity, and access in mind. Sets security requirements. Ensures system redundancy and fault tolerance. Sets standards for mobile and web security. Ensures security of IoT devices., Security Assessment and Testing: Provides requested evidence/artifacts for all security-related assessments/audits. Coordinates and schedules security assessments required of the Enterprise. Coordinates and ensures the quality of outside vendor-provided security assessments, risk assessments, and penetration testing of enterprise assets, Security Operations: Applies information security concepts, techniques, and best practices to support incident response plans and capabilities. Conducts and supports investigations, conducts logging and monitoring activities, securely provisions resources, tests disaster recovery plans, and addresses personnel safety and security concerns., Software Development Security: Provides technical consultation as required. Oversees the static and dynamic scanning of internally developed software within the company and provide reports to ensure proper remediation of code vulnerabilities. Reviews SDLC documentation to ensure compliance with established company and regulatory standards as applicable., This is an all-inclusive responsibility listing for all levels of Information Security Analyst. Incumbent is responsible for:

Lead (Level IV) – Proficiency in eight (8) security components
Certified Information Security Manager (CISM) – Information Systems Audit and Control Association (ISACA), Certified Information Systems Auditor (CISA) – Information Systems Audit and Control Association (ISACA), Certified Information System Security Professional (CISSP) – Information Systems Audit and Control Association (ISACA)

This position is identified as level three (3). This position must ensure the security and confidentiality of records and information to prevent substantial harm, embarrassment, inconvenience, or unfairness to any individual on whom information is maintained. The integrity of information must be maintained as outlined in the company Administrative Manual.

Segregation of duties will be used to ensure that errors or irregularities are prevented or detected on a timely basis by employees in the normal course of business. This position must adhere to the segregation of duties guidelines in the Administrative Manual.


ADA Requirements

2.1 General Office Worker, Semi-Active, Campus Travel – Someone who normally works in an office setting, periodically has lifting and carrying requirements up to 40 lbs and routinely travels for work within walking distance of location of primary work assignment as essential functions of the job

Click Here To Apply

%d bloggers like this: