Infrastructure / Application reviews:
Partners with the enterprise to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers
Performs focused risk assessments of existing or new services, technologies and security architecture; identifies design gaps and risks, and recommends enhancements
Communicates risk assessment findings to information security customers or business partners. Explores risk mitigation controls
Serves as an information security expert and trusted advisor to partners in IT and the business
Evaluates compliance of operational processes with Information Protection policies and related government regulations
Identifies and implements appropriate controls to effectively manage information risks as needed
Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing residual risk
Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
Stays abreast of current and emerging security threats and designs security architectures to mitigate them
Service Partner Security Assessment:
Plan and perform site reviews of physical and IT facilities, measuring actual conditions against submitted responses. Evaluate IT processes to ensure effective information protection is practiced.
Produce site visit reports with improvement recommendations. Track improvement efforts until closure.
Perform general walkthrough evaluations of new facilities and processes under consideration. Provide recommendations to the business.
Meet with vendors and employees to resolve or track compliance issues.
Attend demonstrations of applications and prepare reports on potential for data leakage or infrastructure security issues.
Review regular security reports for abnormalities.
Work with supply chain management on contracts to include security terms.
Escalate security issues related to service partners to the fellow CIP team.
Support the Management team (Regional Information Security Officer and Senior Manager):
Work with the individual local security teams assigned to ensure that the security controls applied are compliant with CIP policies and standards
Work with the RISO on managing security incidents
Regular risk & activity reporting
Issue tracking with local security teams
Review and approval of application / infrastructure changes in terms of security
Coordinate CIP initiatives with other countries as required
Maintain strong working relationships with individuals and groups involved in managing information risks across the organization
Partner with the CIP and IT teams to implement standard security solutions and capabilities that are aligned with business, technology and threat drivers
Stay abreast of current and emerging security threats and security architectures to mitigate the threats
Skills Needed:
Health Insurance or Health Care Industry experience preferred
Ability to multitask and execute in a timely manner
Ability to grasp and understand complicated relationships
Proven communication skills; able to communicate effectively both in writing and verbally
Organizational courage to escalate and resolve risk issues
Flexible; can adapt to a changing organization, changing business needs, technological advances and agile methodology
Demonstrates technical skills in infrastructure, application and third-party security assessments.
Self-starter who shows empathy towards business requirements and is able to influence changes to facilitate security
Experience with assessing and mitigating risk
Experience with contracting and negotiations
Travel required, approximately 10%
BS degree or equivalent experience
CISSP, CISA, CISM, CRISC or similar certifications preferred
Broad high-level knowledge of, hands-on experience with, and exposure to a wide range of IT subject areas and business, IT and physical controls
Strong written and spoken English skills
Qualified candidates will typically have 8+ years of professional IT work experience, and 4 years in information security
Experience and working knowledge of PCI DSS & ISO 27001 certification is a plus
Experience with process and change management, reporting and incident handling.
Demonstrated ability to communicate at high levels, both verbally and in reporting
Excellent problem identification, solving and critical reasoning skills.
Ability to work successfully with a minimum of supervision in a fast-paced and sometimes pressured environment.