9 Sr Analyst IT Security Risk Assessment Third Party jobs in Columbia

• Develop strategies and approaches for business development proposals within a compliance and systems security context. Plan and perform compliance and systems security activities in alignment with contractual role. Communicate and escalate compliance and risk issues to the appropriate customer representative and/or level of management. Act as a change agent to influence I/S and corporate compliance culture in alignment with business constituency. Develop strong systems security customer business relationship. Provide expert level consultation regards contractual system security obligations, frameworks, control requirements.
• 20% Oversee remediation of new and outstanding issues, including Information Security Risk Exception process, across multiple business areas and security frameworks. Utilize tools to track and report on compliance posture.
• 20% Conduct or lead others in the procedural and operational review of internal IS security compliance standards. Oversee formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks. Identify and champion efficiency improvements related to security, risk and compliance processes. Engage appropriate Client Management areas to facilitate process improvements through formal IS Methodology.
• 20% Lead the development, implementation and documentation of Information Security policies, procedures, processes and programs to guide IS toward continuous compliance. May conduct or lead others in the analysis and interpretation of security regulations and controls. Proactively provide strategic consulting to IS functional teams with the development, implementation, monitoring, and reporting of control processes, documentation and compliance routines for moderate to highly complex work efforts.
• 20% Serve as an interface with external entities for governance and compliance reviews regarding information security risk.
• 10% Conduct or lead others in the investigation, documentation and resolution of Information Security Incidents. Advises senior management of critical issues that may affect organization.
• 10% Research emerging security topics, threats and capabilities to create/update policy and governance. Engage appropriate leaders to evaluate and mitigate potential exposure. Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards and best practices, as well as delivering training to personnel

• Management of risk management activities: Process, monitor, and report on security/compliance risk items.
• Perform Corporate Risk Assessment and communicate results to Senior Management.
• Conduct research and assessments on security related topics. (Policy, Third-Party, Security Processes)
• Develop and communicate security policies and security standards.
• Provide consultation and guidance to the different Business Units for security and compliance activities.
• Facilitate meetings and conduct presentations with various levels of management.

• Strategic Security & Compliance Services

• SSCS Team is a small team, however we work with multiple Lines of Business (LOB) and teams across the company.
• Currently oversee multiple strategies: Enterprise Risk Management, Third Party Risk Management, Access Management, Application Security, and others.
• Support over 20 LOBs under the Client's umbrella.
• Manage Corporate Security Framework (Security Policies).
• Conduct risk assessments periodically and present results to senior management.
• Conduct research and analysis on security/compliance related topics.
• Part of the I/S Governance committee. Chair the Policy and I/S Standards Committee.
• Engaged in the yearly budget for Security and Compliance activities.

• 8 years of I/T experience including 6 years of IT security, risk assessment and/or compliance experience. Successful completion of Client's I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.

• Bachelor's Degree in Computer Science, Information Technology or related degree. or 4 years of job related work experience or 2 years of job related experience plus an associate's degree in Computer Science, Information Technology or other job related degree.

• ISC2 Certified Information Systems Security Professional (CISSP).

• Microsoft (M365): Outlook, Teams, Excel, Word, Lists, PowerPoint, SharePoint (Intermediate)

• Complete understanding of systems security business life cycle methodologies.
• Subject Matter Expert in both government and private risk frameworks and control implementations.
• Comprehensive understanding of business system security risk management, information system security and compliance practices.
• Demonstrate excellent analytical, problem solving, decision-making skills, interpersonal and ownership skills.
• Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
• Ability to lead others in solving problems often spanning multiple environments and business areas. Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
• Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols.
• Excellent communication skills in presenting results to customer, senior management, and matrix staff both verbally and in writing.
• Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
• Possess excellent collaboration skills with a wide variety of internal matrix and management staff.

• Microsoft: Visio, Planner, Forms, PowerBI, Power Automate). RSA-Archer, Service Now (Intermediate)

Summary:

The Meta Security team is responsible for improving the security posture of the software and services used throughout our company. Our work spans Facebook, Instagram, WhatsApp, Oculus, and all of the underlying systems and infrastructure that power these products behind the scenes.We are seeking a committed and experienced security engineer to join our Security Risk Management (SRM) team to help design and build solutions to:* Drive better understanding of security risk and enable investment decisions through automation, monitoring, and tracking of Meta's security tools, systems, and controls* Enable security and software engineers to seamlessly respond to requests to prove effective design and operation of security capabilities* Increase maturity of security capabilities through control improvements and redesign

Required Skills:

Security Engineer - Security Risk Management Responsibilities:

1. Work with a team of software, data, and security engineers that design, build, and own software solutions that scale high fidelity security risk contextualization, tracking, and reporting

2. Understand and influence evolution of security capabilities across various domains to scale and automate: a) monitoring the effectiveness, and b) increasing the maturity of those capabilities

3. Design and build solutions to scale managing and responding to risk management & compliance related requests

Minimum Qualifications:

Minimum Qualifications:

1. Bachelor's degree or equivalent experience in information security

2. 5+ years work experience securing enterprise-scale infrastructure software and services

3. 3-5+ years programming experience with at least one of the following languages: Python, PHP, Ruby, or similar scripting languages

4. Experience remediating infrastructure security gaps across broad corporate boundaries using influence and relationships

5. Experience with security control automation/monitoring or "compliance as code" implementations

6. Experience thinking critically and defending solutions with solid communications skills in a cross-functional setting to influence decision makers across all levels of technical background

Preferred Qualifications:

Preferred Qualifications:

1. Networking and system administration experience of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems

2. Experience influencing software engineers to build products meant to scale security solutions

3. Experience generating automated metrics to measure service and program effectiveness and consistency

4. Experience with common risk & compliance program activities (e.g., controls, risk, policy management)

Public Compensation:

$147,000/year to $208,000/year + bonus + equity + benefits

Industry: Internet

Equal Opportunity:

Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment.

Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at

Duties: Develop strategies and approaches for business development proposals within a compliance and systems security context. Plan and perform compliance and systems security activities in alignment with contractual role. Communicate and escalate compliance and risk issues to the appropriate customer representative and/or level of management. Act as a change agent to influence I/S and corporate compliance culture in alignment with business constituency. Develop strong systems security for customer business relationship. Provide expert level consultation regarding contractual system security obligations, frameworks, control requirements.

•20% Oversee remediation of new and outstanding issues, including Information Security Risk Exception process, across multiple business areas and security frameworks. Utilize tools to track and report on compliance posture.

•20% Conduct or lead others in the procedural and operational review of internal IS security compliance standards. Oversee formal risk analysis and self-assessments to determine effectiveness of controls and ensure creation of action plans to remediate identified risks. Identify and champion efficiency improvements related to security, risk and compliance processes. Engage appropriate Client Management areas to facilitate process improvements through formal IS Methodology.

•20% Lead the development, implementation and documentation of Information Security policies, procedures, processes and programs to guide IS toward continuous compliance. May conduct or lead others in the analysis and interpretation of security regulations and controls. Proactively provide strategic consulting to IS functional teams with the development, implementation, monitoring, and reporting of control processes, documentation and compliance routines for moderate to highly complex work efforts.

•20% Serve as an interface with external entities for governance and compliance reviews regarding information security risk.

•10% Conduct or lead others in the investigation, documentation and resolution of Information Security Incidents. Advises senior management of critical issues that may affect organization.

•10% Research emerging security topics, threats and capabilities to create/update policy and governance. Engage appropriate leaders to evaluate and mitigate potential exposure. Promote organizational security awareness by developing security training, Security Council bulletins, security policies, standards and best practices, as well as delivering training to personnel.
Skills: Required Skills and Abilities: Complete understanding of system security business life cycle methodologies. Subject Matter Expert in both government and private risk frameworks and control implementations. Comprehensive understanding of business system security risk management, information system security and compliance practices. Demonstrate excellent analytical, problem solving, decision-making skills, interpersonal and ownership skills. Proven ability to interpret and apply knowledge of regulatory/accreditation requirements. The ability to lead others in solving problems often spanning multiple environments and business areas. Ability to effect change and bring security, risk and compliance knowledge to the organization using positive influence. Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols. Excellent communication skills in presenting results to customer, senior management, and matrix staff both verbally and in writing. Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content. Possess excellent collaboration skills with a wide variety of internal matrix and management staff.

Required Software and Tools: Standard office equipment.

Preferred Licenses and Certificates:
ISC2 Certified Information Systems Security Professional (CISSP).
Keywords:
Education: Required Education : Bachelor's Degree in Computer Science, Information Technology or related degree. or 4 years of job related work experience or 2 years of job related experience plus an associate’s degree in Computer Science, Information Technology or other job related degree.

Required Work Experience : 8 years of I/T experience including 6 years of IT security, risk assessment and/or compliance experience. Successful completion of I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.

IS Required Education: Bachelor's Degree in Computer Science, Information Technology or related degree. or 4 years of job related work experience or 2 years of job related experience plus an associate’s degree in Computer Science, Information Technology or other job related degree.

Required Work Experience : 8 years of I/T experience including 6 years of IT security, risk assessment and/or compliance experience. Successful completion of I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.

C2 Eligibility is required Team Name: Strategic Security & Compliance Services Work Hours - 8-5 p.m. Partially onsite – Onsite Tuesday, Wednesday, Thursday, but could also be required to come in more for important meetings etc. It is highly recommended to be onsite more days during training period. Not required but highly recommended.

Required Technologies : Microsoft (M365): Outlook, Teams, Excel, Word, Lists, PowerPoint, SharePoint (Intermediate)

Nice to Have:
Microsoft: Visio, Planner, Forms, PowerBI, Power Automate). RSA-Archer, Service Now (Intermediate)

Day to Day:

1. Management of risk management activities: Process, monitor, and report on security/compliance risk items.

2. Perform Corporate Risk Assessment and communicate results to Senior Management.

3. Conduct research and assessments on security-related topics. (Policy, Third-Party, Security Processes)

4. Develop and communicate security policies and security standards.

5. Provide consultation and guidance to the different Business Units for security and compliance activities.

6. Facilitate meetings and conduct presentations with various levels of management.

About The Team: 1. SSCS Team is a small team, however we work with multiple Lines of Business (LOB) and teams across the company.

a. Currently oversee multiple strategies: Enterprise Risk Management, Third Party Risk Management, Access Management, Application Security, and others.

b. Support over 20 LOBs under our umbrella.

c. Manage Corporate Security Framework (Security Policies).

d. Conduct risk assessments periodically and present results to senior management.

e. Conduct research and analysis on security/compliance related topics.

f. Part of the I/S Governance committee. Chair the Policy and I/S Standards Committee.

g. Engaged in the yearly budget for Security and Compliance activities.

Description:

Why should you join the BlueCross BlueShield of South Carolina family of companies? Other companies come and go, but for more than seven decades we've been part of the national landscape, with our roots firmly embedded in the South Carolina community. Business and political climates may change, but we're stronger than ever. Our A.M. Best rating is A+ (Superior) - making us the only health insurance company in South Carolina with that rating. We're the largest insurance company in South Carolina .and much more. We are one of the nation's leading administrators of government contracts. We operate one of the most sophisticated data processing centers in the Southeast. We also have a diverse family of subsidiary companies that allows us to build on a variety of business strengths. We deliver outstanding service to our customers. If you are dedicated to the same philosophy, consider joining our team!

Job Title: Senior IS Security Risk Analyst

Position Notes:

• Required Education: Bachelor's Degree in Computer Science, Information Technology or related degree. or 4 years of job related work experience or 2 years of job related experience plus an associate's degree in Computer Science, Information Technology or other job related degree.
• Required Work Experience: 8 years of I/T experience including 6 years of IT security, risk assessment and/or compliance experience. Successful completion of BCBSSC I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.
• C2 Eligibility is required
• Team Name: Strategic Security & Compliance Services
• Work Hours - 8-5 p.m.
• Partially onsite - Onsite Tuesday, Wednesday, Thursday, but could also be required to come in more for important meetings etc. Highly recommended to be onsite more days during training period. Not required but highly recommended.
• Required Technologies: Microsoft (M365): Outlook, Teams, Excel, Word, Lists, PowerPoint, SharePoint (Intermediate)
• Nice to Have: Microsoft: Visio, Planner, Forms, PowerBI, Power Automate). RSA-Archer, Service Now (Intermediate)

• Complete understanding of systems security business life cycle methodologies. Subject Matter Expert in both government and private risk frameworks and control implementations.
• Comprehensive understanding of business system security risk management, information system security and compliance practices.
• Demonstrate excellent analytical, problem solving, decision-making skills, interpersonal and ownership skills.
• Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
• Ability to lead others in solving problems often spanning multiple environments and business areas.
• Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
• Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols. Excellent communication skills in presenting results to customer, senior management, and matrix staff both verbally and in writing.
• Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
• Possess excellent collaboration skills with a wide variety of internal matrix and management staff.

• Work Authorization : US Citizen
• Preferred years of experience : 1+ Years
• Travel Required : No travel required
• Shift timings: Not specified

Description:

Why should you join the BlueCross BlueShield of South Carolina family of companies? Other companies come and go, but for more than seven decades we've been part of the national landscape, with our roots firmly embedded in the South Carolina community. Business and political climates may change, but we're stronger than ever. Our A.M. Best rating is A+ (Superior) - making us the only health insurance company in South Carolina with that rating. We're the largest insurance company in South Carolina .and much more. We are one of the nation's leading administrators of government contracts. We operate one of the most sophisticated data processing centers in the Southeast. We also have a diverse family of subsidiary companies that allows us to build on a variety of business strengths. We deliver outstanding service to our customers. If you are dedicated to the same philosophy, consider joining our team!

Job Title: Senior IS Security Risk Analyst

Position Notes:

• Required Education: Bachelor's Degree in Computer Science, Information Technology or related degree. or 4 years of job related work experience or 2 years of job related experience plus an associate's degree in Computer Science, Information Technology or other job related degree.
• Required Work Experience: 8 years of I/T experience including 6 years of IT security, risk assessment and/or compliance experience. Successful completion of BCBSSC I/S Entry Level Training Program (ELTP) may be substituted for 2 years of I/T experience.
• C2 Eligibility is required
• Team Name: Strategic Security & Compliance Services
• Work Hours - 8-5 p.m.
• Partially onsite - Onsite Tuesday, Wednesday, Thursday, but could also be required to come in more for important meetings etc. Highly recommended to be onsite more days during training period. Not required but highly recommended.
• Required Technologies: Microsoft (M365): Outlook, Teams, Excel, Word, Lists, PowerPoint, SharePoint (Intermediate)
• Nice to Have: Microsoft: Visio, Planner, Forms, PowerBI, Power Automate). RSA-Archer, Service Now (Intermediate)

• Complete understanding of systems security business life cycle methodologies. Subject Matter Expert in both government and private risk frameworks and control implementations.
• Comprehensive understanding of business system security risk management, information system security and compliance practices.
• Demonstrate excellent analytical, problem solving, decision-making skills, interpersonal and ownership skills.
• Proven ability to interpret and apply knowledge of regulatory/accreditation requirements.
• Ability to lead others in solving problems often spanning multiple environments and business areas.
• Ability to effect change and bring security, risk and compliance knowledge to the organization through the use of positive influence.
• Understanding of infrastructure and networking architecture WANs, LANs, Internet, intranets and communication protocols. Excellent communication skills in presenting results to customer, senior management, and matrix staff both verbally and in writing.
• Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
• Possess excellent collaboration skills with a wide variety of internal matrix and management staff.

• Work Authorization : US Citizen
• Preferred years of experience : 1+ Years
• Travel Required : No travel required
• Shift timings: Not specified