
Information Risk & Compliance Analyst I/II

Job in Buffalo, Erie County, New York, 14266, USA
Listing for: Univera Healthcare
Full Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly

Job Description

We currently have two openings for this role across the enterprise – one with an affiliate company, CDPHP (Capital District Physicians Health Plan) and one with Excellus BCBS/Univera Healthcare (depending on candidate’s geographic location). The selected candidate will be hired into one of the entities based on experience and business needs.

Opening 1:
Reporting to Jeff Ewing in the Cyber Security Office.

Opening 2:
Reporting to Scott Wiggins on the Third Party & Risk Platform Management Team.

Summary

The Information Risk & Compliance Analyst is responsible for delivering enterprise-wide Information Risk & Compliance disciplines. The role supports all elements of the Information Risk and Compliance program, including information security policies and procedures, risk assessments, training and awareness, external/internal IT audit support, management and facilitation of control issues to ensure remediation, regulatory compliance, management reporting, and communication of risk. The analyst contributes to the development, maintenance, and refinement of Cyber Risk policies and standards, collaborates with others to create and manage security and related control documentation, works with process owners and business partners to identify control gaps and appropriate remediation plans, monitors and reports on progress of remediation efforts, and drives quality review for all Cyber Risk & Information related audit artifacts.

Essential Accountabilities

Level I
  • Works with teams to continuously improve and update services to ensure they stay ahead of information security and compliance trends.
  • Collaborates with external auditors or other inbound requests as needed.
  • Performs and/or supports any aspect of Information Risk & Compliance activities (policy development, security awareness, 3rd‑party assessment, internal control evaluations, risk assessments, issue management, etc.).
  • Contributes to cyber regulatory compliance at state and federal jurisdictions.
  • Assists with issues relating to Information Risk, including the development of procedures, plans, and security forms to aid the information security program, as well as monitoring and response to unexpected information security control changes across the environment.
  • Contributes input to the Organization’s Cybersecurity program performance metrics.
  • Creates and updates standard operating procedures for assigned security controls, applications, and platforms.
  • Develops materials for Enterprise Security Awareness & training.
  • Executes and supports Cybersecurity program initiatives, such as maintaining processes and workflows like access certification.
  • Participates in various oversight Committee meetings and generates agenda and meeting content.
  • Plans and executes audits or control testing of technology platforms, evaluates information systems’ internal controls, and works collaboratively with management to identify and facilitate corrective actions.
  • Provides monitoring, guidance and direction on security controls, policy, and practices to key stakeholders.
  • Responds to internal customer queries, reports and/or requests relating to IT controls, policies, and standards.
  • Performs review of change management deployments.
  • Defines and supports Service Level Agreements (SLAs) and Key Performance Indicators (KPIs).
  • Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and showcasing the Lifetime Way values and beliefs.
  • Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
  • Regular and reliable attendance is expected and required.
  • Performs other functions as assigned by management.
Level II (in addition to Level I Accountabilities)
  • Acts as a change agent to educate the enterprise on Cyber Risk & Information Security Policies and Controls.
  • Independently manages intake activities, recommends, and executes on intake optimization already noted in Level I.
  • Pinpoints strengths and areas for improvement related to organizational security posture and risk management acceptance.
  • Plans and executes complex audits of…