SHIFT: Day Job
Your Talent. Our Vision. At Anthem, Inc., it's a powerful combination, and the foundation upon which we're creating greater access to care for our members, greater value for our customers, and greater health for our communities. Join us and together we will drive the future of health care.
This is an exceptional opportunity to do innovative work that means more to you and those we serve at one of America's leading health benefits companies and a Fortune Top 50 Company.
Info Security Sr Advisor (IS Control Governance - Control/Audit focus)
Looking for an individual with a combination of Information Security domain knowledge, audit experience (internal and/or external) and preferred, technical knowledge. Able to lead efforts to assess and mature Information Security controls. Info Security Sr Advisor develops, recommends, and implements enterprise information technology and information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information technology and information security in compliance with established company policies, regulatory requirements, and generally accepted information technology and information security controls. Responsible for advising on the selection and delivery of strategic network security, access control and secure transaction/messaging solutions within the context of a control framework.
Primary duties may include, but are not limited to:
- Advise on and participate in Information Security IS control activities in order to partner with Information Security Operational leaders to counsel on standard control execution.
- Support IS leaders with controls remediation plans and IS process improvement and remedition activities to meet stringent regulatory and audit requirements.
- Participate in and advise on all internal control assessment and audit management activities in support of the IT compliance activities.
- Assesses risk of IT systems, operational processes and participates in IT Risk Assessment procedures with a focus on the Information Security Domains
- Help document IT/IS business processes dependent on information technology.
- Research relevant IT and IS regulatory, compliance and audit trends across healthcare, business, competition and regulatory environments; recommends strategy adjustments.
- Help develop and implement education, training and other mechanisms used to ensure compliant behavior for adequate internal controls
- Provides company management with consultative support in controlling and/or enhancing processes and systems in compliance with policies and regulations focused on SOX, SOC and other regulatory guidance.
- Can provide trouble resolution and serves as point of technical escalation on complex problems.
- Creates presentations and seeks IT management input l and acceptance of significant replacements or reconfigurations of major security systems serving the Enterprise.
- Advises on vendor strategy and direction. May be assigned to project teams for technical consultation to business partners and developers.
- Helps assess comprehensive access management and network security controls based on defined technology standards;
- Able to work with architecture to update technology controls direction & strategy.
- Develops reports supporting strategy and direction for management.
- Acts as a subject matter expert among peers, with manager and senior management.
- Must be knowledgeable of and/or experienced in 5 or more of the information security technology common body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Telecommunications and Network Security.
Requires BS/BA in related field; 8+ years experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management; significant experience with multiple technical and business disciplines required.; or any combination of education and experience, which would provide an equivalent background. Advanced knowledge and understanding of industry-accepted it general controls and data security and data processing controls and concepts as applied to access people, process and technology (management and network security technologies, hardware, software, data, network communications, etc.). Security and Audit Certifications preferred (e.g , CISA: Certified. Information Security Auditor, CISM: Certified Information Security Manager, CISSP: Certified Information Systems Security Professional, CIPP/A,M,T,P, Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation ,or equivalent certifications. Position requires a well-rounded IT/IS control and audit depth of knowledge, specifically in the area of SOX/SOC1/SOC2 audits. IT Security Audit experience. Strong project management skills preferred.
Anthem, Inc. is ranked as one of America's Most Admired Companies among health insurers by Fortune magazine and is a 2018 DiversityInc magazine Top 50 Company for Diversity. To learn more about our company and apply, please visit us at careers.antheminc.com. An Equal Opportunity Employer/Disability/Veteran.