Job Description:
• Manage day-to-day, short-term and long-term information security risks and ensure activities are within risk tolerance and in compliance with approved risk management policies, procedures and limits
• Measure, monitor, and report on information security risks
• Review and report on vendor/third party risk to support vendor risk management activities
• Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in vendor risk reviews
• Monitor and report on information security risk mitigation plans to ensure timely execution
• Engage employees in the management of information security risk and ensure they are aware of their accountabilities with regard to information security risk management
• Regularly assess and report to management any exceptions to information risk management policies, procedures and limits
• Engage with the Enterprise Risk Management office to ensure information risk management policies, procedures and limits are aligned with Enterprise Risk Management policies and guidance
• Contribute and provide input to the development of operational department goals
• Act as technical expert in functional domain
• Recommend technical advancements to improve CareSource customer and partner experiences
• Perform any other job-related instructions as requested
Requirements:
• Bachelor's degree or equivalent years of relevant work experience required
• Minimum of seven (7) years of relevant work experience is required
• Ability to effectively prioritize and execute tasks while working both independently and in a team-oriented, collaborative environment
• Strong interpersonal skills, including excellent written and verbal communication, listening and critical thinking, presentation, and facilitation skills
• Ability to establish effective working relationships with stakeholders at all different levels
• Flexibility during organizational and/or business changes
• Ability to manage multiple projects while demonstrating a sense of urgency
• Effective problem-solving skills with attention to detail
• Working technical knowledge/experience of the following: IT audit; application, server, and network security; monitoring security events and supporting incident response activities; Sarbanes-Oxley (SOX) compliance; Microsoft Office; access management/authentication and authorization; security monitoring; data encryption; computer networking security; Internet protocols (SSL, IPsec, TCP/IP); Windows operating system; project management
• Certified in Risk and Information Systems Control (CRISC) or Systems Security Certified Practitioner (SSCP) preferred
Benefits:
• Substantial and comprehensive total rewards package
• Bonus tied to company and individual performance