Senior Cyber Security Analyst (Hybrid)

Job Expired

About the job

Purpose

Resp & Qualifications

To ensure the organization’s data remains protected from inappropriate access, disclosure and/or damage. To advocate for and execute the processes and practices of the Cybersecurity team while supporting business and customer needs.

Essential Functions

  • Suggests improvement initiatives through research of cybersecurity policies, indicators, and protocols.
  • Designs technical solutions for network protection, endpoint security, access control, auditing, and log management. Develop/Enhance companywide security best practices.
  • Remain up to date on Information Security trends and emergent threats.
  • Researches emerging information security threats, vulnerabilities, and their countermeasures.
  • Assess, plan, and execute security measures in a layered approach to protect the organization.

Supervisory Responsibility

Position does not have direct reports but is expected to assist in guiding and mentoring less experienced staff. May lead a team of matrixed resources.

Qualifications

Education Level: Bachelor’s Degree in Computer Science, Cyber Security, Information Technology, or related field OR in lieu of a Bachelor’s degree, an additional 4 years of relevant work experience is required in addition to the required work experience.

Licenses / Certifications (Preferred)

  • CISSP – Certified Information Systems Security Professional
  • CISM – Certified Information Security Manager
  • CRISC – Certification in Risk and Information Systems Control
  • CISM – Certified Information Security Manager
  • CISA – Certified Information Systems Auditor
  • SANS GIAC certifications in relevant security and risk areas

Experience: 5 years relevant information security experience.

Preferred Qualifications

Knowledge and work experience with several of the following frameworks/regulations:

  • NIST Special Publication 800-53 Rev. 4 /5 ”Security and Privacy Controls for Information Systems and Organizations”.
  • HIPAA Security and Privacy Final Rule (45 CFR Part 164).
  • NIST 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”.
  • HITRUST, FedRAMP.
  • NIST CSF, NIST RMF, FedRAMP, HITRUST, CIS benchmarks, CIS Top 20, Cloud Controls Matrix (CCM), COBIT, CMMC, ISO 27001.
  • Various privacy frameworks: GDPR, CCPA, others.
  • Knowledge of developing SSPs (system security plans) based on NIST 800-171, 800-53, and FedRAMP.
  • Experience in conducting security and privacy risk assessments, completing risk exception and acceptance requests.
  • Familiarity with SIG, SOC2 Type 2, and other security attestation documents to support vendor assessemnts and third party risk management.
  • Skilled at working with a variety of stakeholders (internal and external to the organization) to understand and assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps with a proven ability to elicit, document, analyze and verify requirements.
  • Cyber security business and systems subject matter expertise – especially in Application Security, Data Security, Data Governance, and Network Security domains.
  • Experienced with responding to internal and external audit requests, working with, and communicating to auditors and assessors, understanding the extent of appropriate evidence needed to satisfy audit and assessment requests.
  • Experience with working with enterprise or cybersecurity specific risk registers.
  • Experience with GRC (Governance, Risk, and Compliance) systems or ITRM (Information Technology Risk Management) systems.
  • Excellent written skills to develop, review, and refine cybersecurity standards, SOPs, and policies with communication skills (verbal and written) to communicate to all levels of the organization.
  • Excellent interpersonal skills including the ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests.
  • Proven experience supporting security risk teams with demonstrated business process, workflow, task analysis, and metrics/results measurement. Exposure to user-acceptance testing and requirements analysis knowledge desired.
  • Advanced written and verbal communication skills.
  • Excellent organizational, analytic, and problem-solving skills with the ability to set priorities and handle multiple projects concurrently with attention to detail.
  • Ability to anticipate security governance needs and take action before they become organizational problems.
  • Knowledge of AGILE and/or Waterfall SDLC methodologies.
  • Excellent knowledge of MS Office tool set – MS Word, MS Excel, MS Project, and MS Visio.
  • Understanding of data analysis and modelling.
  • Knowledge of cloud security controls (AWS / Azure).
  • Experience with healthcare insurance industry, especially BCBS plans.
  • Experience with SAI Global’s Compliance360 Enterprise Risk Management and Risk Intelligence Manager modules or other GRC system.
  • Audit experience.
  • Experience evaluating security controls in a mainframe environment.

Knowledge, Skills And Abilities (KSAs)

  • Ability to explain technical information to technical and nontechnical personnel.
  • Knowledge of cybersecurity trends and industry best practices.
  • Knowledge of network architecture and firewall security.
  • Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service.
  • Knowledge of cybersecurity risk management techniques, frameworks, best practices and industry/regulatory requirements.
  • Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.

Travel Requirements

Estimate Amount: Minimal

Department

Department: Security Governance and Report

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Where To Apply

Please visit our website to apply: www.carefirst.com/careers

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

Physical Demands

The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

More Information

  • This job has expired!

13th Anniversary Global InfoSec Awards for 2025 now open for super early bird packages! Winners Announced during RSAC 2025...

X