Info Security Sr Advisor IT Risk/Audit Consultant- PS30602
Compensation: $97,595.00 - $163,060.00 /year *
Employment Type: Full-Time
Industry: Information Technology
Anthem, Inc. is one of the nation's leading health benefits companies and a Fortune Top 50 company. At Anthem, Inc., we are working together to transform health care with trusted and caring solutions.
Bring your expertise to our innovative culture where you will have the opportunity to make a difference in people's lives, and to take your career further than you can imagine.
The role is responsible for supporting the maturation of a 'center of excellence' around IT and IS control monitoring, advisement and consultation with the Corporate wide IT / IS Policies and Control Framework. Role will help assist in the overall controls monitoring program and interface with internal and external auditors. The role entails assessing the effectiveness of internal controls, and ensuring that operating systems and processes are functioning in accordance with overall company (SOX, SOC, PCI, cloud, etc.) control framework. This individual will provide leadership to IT Operations to help drive the assurance strategy as well as ensuring that controls activities and remediation are completed on a timely basis.
Work will include developing and assessing any in-scope IT functions for new/expanded SOX/SOC1/SOC2 audits or compliance of new/migrated systems. Will also support and partner with the IT/IS organization as part of the overall team focus. Basic position expectations also include ensuring stability and compliance with audit and regulatory requirements/mandates, and maintenance and upkeep of a master control workbook and audit calendar of activities. Will partner with IT OPS leaders across key IT general control domains (logical security, change management, cyber security, asset management, etc.) in ensuring that key control activities are embedded within operational processes and technical systems.
Develops, recommends, and implements enterprise information technology and information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information technology and information security in compliance with established company policies, regulatory requirements, and generally accepted information technology and information security controls. Responsible for advising on the selection and delivery of strategic network security, access control and secure transaction/messaging solutions.
Primary duties may include, but are not limited to:
* Advise on and participate in IT and IS controls monitoring activities in order to partner with IT and IS Operational leaders to counsel on standard control execution.
* Support IT leaders with controls remediation plans and IT process improvement and remediation activities to meet stringent regulatory and audit requirements.
* Participate in and advise on all internal control assessment and audit management activities in support of the IT compliance activities.
* Assesses risk of IT systems, operational processes and participates in IT Risk Assessment procedures.
* Help document IT/IS business processes dependent on information technology.
* Research relevant IT and IS regulatory, compliance and audit trends across healthcare, business, competition and regulatory environments; recommends strategy adjustments.
* Help develop and implement education, training and other mechanisms used to ensure compliant behavior for adequate internal controls.
* Provides company management with consultative support in controlling and/or enhancing processes and systems in compliance with policies and regulations focused on SOX, SOC and other regulatory guidance.
* Advises IT OPS on system and network architecture support for information and network security technologies;
* Advises IT OPS on the development and execution of risk assessment methodologies to fit business, regulatory, and technical environment considerations;
* Advises IT OPS on the development of requirements, system architecture, and software design of security products and services;
* Advises IT OPS on the development of strategies for discovery, evaluation and response to new networking attacks; develops security incident response plans and strategies.
* Can provide trouble resolution and serves as point of technical escalation on complex problems.
* Creates presentations and seeks IT management input and acceptance of significant replacements or reconfigurations of major security systems serving the Enterprise.
* Advises on vendor strategy and direction. May be assigned to project teams for technical consultation to business partners and developers.
* Helps design & engineer comprehensive access management and network security technical solutions based on business requirements and defined technology standards;
* Able to work with architecture to update technology controls direction & strategy.
* Develops reports supporting strategy and direction for management.
* Acts as a subject matter expert among peers, with manager and senior management.
Must be capable of providing top-tier support for 5 or more of the information security technology common body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management, 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Telecommunications and Network Security.
Requires BS/BA in related field; 8+ years experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management; significant experience with multiple technical and business disciplines required; or any combination of education and experience, which would provide an equivalent background.
* Advanced knowledge and understanding of industry-accepted IT general controls and data security and data processing controls and concepts as applied to access people, process and technology (management and network security technologies, hardware, software, data, network communications, etc.).
* Security and Audit Certifications preferred (e.g., CISA: Certified Information Security Auditor, CISM: Certified Information Security Manager, CISSP: Certified Information Systems Security Professional, CIPP/A,M,T,P, Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation, or equivalent certifications).
* Position requires a well-rounded IT/IS control and audit depth of knowledge, specifically in the area of SOX/SOC1/SOC2 audits.
* IT Security Audit experience.
* Strong project management skills preferred.
Anthem, Inc. is ranked as one of America's Most Admired Companies among health insurers by Fortune magazine and is a 2018 DiversityInc magazine Top 50 Company for Diversity. To learn more about our company and apply, please visit us at antheminc.com/careers. An Equal Opportunity Employer/Disability/Veteran
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.