BlueCross BlueShield of Western New York

About BlueCross BlueShield of Western New York

 

Country:

United States

Postal Code:

14201

Approximate Salary:

Not Specified

Position Type:

Full Time

Mgr, Enterprise Information Risk Assurance (EIRA)

Posted: 08/5/2018

Auto req ID:

1876BR

Company:

HealthNow NY, Inc.

About Us:

HealthNow New York Inc. is one of New York’s leading health care companies that provide access to quality health care and innovative solutions for individuals and employers. HealthNow offers a full range of insured, self-insured, and government programs and services, as well as life and disability coverage, dental and vision plans and stop-loss coverage. Headquartered in Buffalo, NY, the company operates BlueCross BlueShield of Western New York (Buffalo), BlueShield of Northeastern New York (Albany), Health Now Brokerage Concepts (Blue Bell, PA) and Health Now Administrative Services (across the Northeast US and California). In 2013 the company had revenues of $2.46B and reserves of $592 million.

Title:

Mgr, Enterprise Information Risk Assurance (EIRA)

Status:

Full Time Regular

Hours:

40

Job Description:

The Manager of Enterprise Information Risk Assurance is responsible for managing a team of information risk assurance analysts responsible for the design and execution of risk and control assurance activities including threat / risk identification, control assessments, controls testing, exception reporting and final report issuance. This individual is responsible for monitoring overall adherence to the risk and control strategy and to applicable regulations such as HIPAA and PCI-DSS through regularly scheduled reviews of in-scope technical assessment areas. This individual will develop and oversee a governance program to ensure that critical controls are operating effectively, and that any identified issues are being adequately resolved by the responsible owner. The incumbent will be responsible for coordinating all technology-related internal and external audit activities. They will consult with management to assist in the development and evaluation of issues and findings, developing action plans and performing root cause analysis.

The Manager of Enterprise Information Risk Assurance will also act as liaison between the Enterprise Information Assurance (EIA) department and technology and business partners.

Primary Responsibility:

Oversee the general activities and concerns of the organization's assurance functions including: governance, policy, control design, general operational effectiveness and internal controls.
Assists management in the assessment of project risks and controls.
Continually evaluates the adequacy and effectiveness of controls, policy and information assurance programs.
Builds positive, productive working relationships with business partners.
Translates security risks and communicates effectively to business partners within the organization.
Applies experience in audit, security and regulatory frameworks including ISO 27001, PCI, HIPAA, SOC, and HITRUST.
Partner and build strong working relationships with key stakeholders including but not limited to Technology, Sourcing/Procurement, Legal and other cross-functional teams to develop an assessment program which meets regulatory, compliance and business needs.
Produce meaningful and value-added reporting and metrics on risk programs, assurance reviews and test results to ensure controls are working as designed and risks and findings are being addressed.
Develop, communicate and ensure compliance with organizational security policies and standards.
Utilizes network and application assessment tools and methodologies to manage and address control issues with the following technologies: UNIX, Windows Servers, databases (Oracle, SQL, DB2, etc.), mainframe, firewalls, routers, wireless environments, mobile devices, and cloud computing.
Performs IT audits, risk assessments, network and application penetration testing and security assessments and vulnerability/risk validation.
Understand business and information technology management processes.
Generate and execute innovative ideas and challenge the status quo.
Stays current on changes to technology, internal policy and standards, and relevant regulatory programs, evaluates potential impacts on the risk and controls, and suggests modifications to risk programs.
Perform other duties as required.

Knowledge and Skills:

Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Must be a critical thinker with strong problem-solving skills.
Knowledge of technological trends and developments in the area of information assurance and technology risk management.
Effective project management skills; scheduling and resource management.
Experience with productivity software, such as Windows, Microsoft Office software.
Knowledge of security and control frameworks, such as ISO 27001/27002, CobiT, COSO and HITRUST.
High level of personal integrity, and the ability to professionally handle confidential matters and exercise the appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work under minimal supervision.
Expertise with performing IT Risk & Security assessments, developing information security strategies, and recommending security solutions to assist businesses with the assessment and improvement of their security infrastructure.
Expertise with assessing and recommending enterprise security solutions in adherence with industry security standards.
Demonstrates expertise with organizational and policy development, vulnerability management, risk assessment and IT Risk Management skills.

Experience:

Degree in business administration or a technology-related field, or equivalent work- or education-related experience.
Minimum 10 years of experience in a combination of IT audit, information assurance and information security roles.
Minimum of 2 years of experience in a supervisory or lead role.
Professional certification, such as a CISSP, CISM, CISA, CRISC or other information assurance credentials, is preferred.

Education:

Required Education: Bachelor's Degree (Business Admin., Information Technology)

Working Conditions:

Must be able to work in an office environment.
Manual Dexterity Req: Eye-hand coordination and manual dexterity sufficient to effectively use a computer with all its components for prolonged periods of time and for the majority of required tasks.
Manual Dexterity Req: Eye-hand coordination and manual dexterity sufficient to effectively utilize various office equipment (phone, computer, fax machine, printer, copier, filing cabinet, etc.).

Removal Date:

09-Jul-2019
