Info Security Analyst

Euroasia Executive Search, Inc • BGC, Taguig
30+ days ago
Job Description :

Change Healthcare is looking for an Information Security Risk Management Analyst to assist in executing the Information Security Vendor Risk Management Program. The resource will partner with our existing risk practitioners to assess the level of risk associated with a Vendor’s service and ensure the application of Change Healthcare technical standards, required contractual terms, and due diligence to measure vendor’s compliance with Change Healthcare requirements.

Under general direction, the position performs all procedures necessary to ensure information systems assets’ safety and protect systems from intentional or inadvertent access or destruction. Interfaces with the user community to understand their security needs and implements procedures to accommodate them. Ensures that the user community understands and adheres to necessary procedures to maintain security. This position requires familiarity with domain structures, user authentication, and digital signatures. It also conducts an accurate evaluation of the level of protection needed. It involves understanding network layouts and protocols, firewall theory, and configuration. It also requires experience with host-based security on one or more platforms and conceptual knowledge of database security. Must be able to articulate security concerns to management to be weighed against business needs.

Responsibilities

  • Assess the level of risk associated with vendors' services
  • Provide / Define technical solution, contract requirements, and necessary due diligence to relevant stakeholders
  • Execute security risk assessments of vendors providing services to Change Healthcare
  • Be the Information Security subject matter expert to stakeholders outside of information security such as Procurement, Business Units, and Enterprise Technology functions
  • Measure the vendor’s compliance to critical controls using established procedures
  • Analyze collected information to identify critical risks (findings)
  • Partner with vendors and business teams to develop and track remediation plans
  • Conduct on-site assessments of domestic or international vendor facilities as directed
  • Coordinate responses to customer questionnaires, assessments, and audits of Change Healthcare security functions
  • Gather, organize, and update security control documentation for easy reference during audits
  • Identify and escalate unreasonable audit requests or high-risk vendors to minimize risks to Change Healthcare
  • Deliver risk reporting to IT and business leadership and partner with enterprise risk management functions
  • Maintain and evolve InfoSec Vendor Risk Management program tools, policies, and procedures

Job Requirements :

  • Able to explain security controls to individuals who are not security experts
  • Able to identify alternative methods for achieving compliance to required controls
  • Able to learn high-level information about a variety of security controls and explain them to a layman
  • Able to establish strong working relationships with IT teams, internal business customers, external customers, and peers
  • Able to interface, influence, and communicate (written and verbally) with all levels of management, industry organizations, and customers
  • Experience conducting risk assessments (vendor assessments are a plus)
  • Experience executing audit plans, performing assessments using defined control frameworks
  • Knowledge of information security concepts and theory and the application of such through technical and non-technical methods
  • Solid understanding of a wide variety of IT risk domains
  • Solid understanding of a wide variety of Information Technology concepts

    EDUCATIONAL REQUIREMENTS

  • Bachelor’s degree required – preferably Computer Science or MIS

    RELATED EXPERIENCE REQUIREMENTS / QUALIFICATIONS

  • Minimum of 2 years of experience in a risk management, security assessment, or internal audit capacity

    PREFERRED REQUIREMENTS

  • Vendor risk assessment experience
  • Understanding of crucial InfoSec regulation & frameworks (PCI, HIPAA, ISO 27001, HITRUST, FISMA) is a plus
  • Experience with Lockpath Keylight GRC suite is a plus

    ADDITIONAL INFORMATION :

  • This position has the potential for both domestic and international travel