Information Security Risk Analyst, Healthcare SaaS in Southfield, MI at AF Group

Date Posted: 9/11/2018

Job Description

Join the hottest domain - Healthcare SaaS solutions! In this role you will be a risk security expert, responsible for securing enterprise information by determining information security risk requirements; planning, implementing, and testing security controls; providing input on security standards, policies, and procedures; and mentoring team members. Visiant offers business process outsourcing and software solutions for local and national health plans. Built on the market-leading ikaSystems technology platform, the scalable solution delivers cost-effective back office Medicare service offerings.





RESPONSIBILITIES/TASKS:




  • Perform internal controls and information security risk assessments of existing or emerging technologies to identify inherent risk and evaluate key mitigating controls
  • Gather documentation/technical information in support of audit requests and issue remediation efforts.
  • Provide consultative advice to internal engineering and development teams that enable them to make informed risk management decisions
  • Maintain strong working relationships with individuals and groups involved in managing information security risks across the organization.
  • Participate in moderate to highly complex projects as they pertain to the organization's long-term information security strategy.
  • Provide detailed risk and remediation guidelines, as well as perform remediation activities where applicable
  • Participate in 3rd party audits, assessments, and remediation activities
  • Strong knowledge and understanding of network architecture, application design, systems engineering and integration
  • Interpret business requirements and functional specifications to recommend security requirements
  • Act as a Subject Matter Expert in the discovery and investigation of critical security vulnerabilities as required





    EMPLOYMENT QUALIFICATIONS:



    EDUCATION OR EQUIVALENT EXPERIENCE:



    Bachelor's degree in Computer Science, Information Security, or equivalent. Relevant combination of education and experience may be considered in lieu of degree. Professional security management certification such as CISA, CISM, CISSP is preferred.



    EXPERIENCE:



    Three years of experience leading information risk, security and governance teams, transforming functions and changing culture. Experience with classified networks, information classification, and confidentiality requirements associated with high security environments. HITRUST experience desired.



    SKILLS/KNOWLEDGE/ABILITIES (SKA) REQUIRED:



    Required Skills / Experience:


  • A Bachelor's degree in Computer Science, Information Security, or equivalent
  • 5+ years' experience managing risk assessments on internal systems and external vendors
  • 5+ years' experience in architecture or security management with expertise in applying secure software development methods within system development lifecycle efforts
  • Experience conducting security code review, threat modeling, or application penetration assessments
  • Knowledge of software development concepts and methodologies
  • Highly motivated, competitive, entrepreneurial and attracted to challenging opportunities
  • Demonstrates the ability to work in a fast-paced environment where organizational skills are essential
  • Demonstrates strong problem solving, analytical, interpersonal, and ownership skills
  • Possesses excellent collaboration skills with a wide variety of internal team members
  • Is an intelligent, self-starting, self-confident individual with integrity and accountability
  • Ability to interact with technical managers and development teams to articulate requirements and processes while collaborating on design options, implementation, testing and user acceptance.
  • Knowledge of network and application security technical controls and common vulnerabilities.
  • Competent in advanced communication skills including the ability to translate technical security concepts to business-oriented audiences
  • Experience in interfacing with multiple information technology application and infrastructure development and support areas within an enterprise
  • Demonstrated ability to develop metrics, perform critical analysis and develop executive decision support content.
  • Strong project management experience

    Preferred Skills / Experience:


  • CISSP, CISA, GIAC, or related information security certifications are preferred
  • Experience in reviewing healthcare-related information system technical controls for adherence to CMS (Centers for Medicare and Medicaid Services), HIPAA-HITECH, HITRUST, and ISO 27002 security requirements
  • Experience in information security program development is highly desired
  • Understanding of ISO 27001/27002, NIST Cybersecurity Framework, COBIT, and ITIL.

    Preferred Technology Experience:


  • Knowledgeable in one or more of the following database environments: Oracle 11g/12c or SQL Server 2008/10/14/16
  • Experience in one or more of the following operating system environments: Microsoft Windows Server 2008/10/12 or Red Hat Linux ES 4/5/6
  • Knowledgeable in conducting security code reviews in one or more of the following languages: C#, ASP.NET, WCF
  • Familiarity with network architecture and topologies
  • Familiarity with APIs, web services (RESTful and SOAP), and SOA (Service Oriented Architecture)
  • Experience with one of the following vulnerability management solutions: Nessus, Veracode, Qualys



    WORKING CONDITIONS:



    Work is performed in an office setting with no unusual hazards. Minimal travel required.

    The qualifications listed above are intended to represent the minimum education, experience, skills, knowledge and ability levels associated with performing the duties and responsibilities contained in this job description.

    We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an "at will" basis. Nothing herein is intended to create a contract.

    Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled