Senior Information Security Analyst

This position will work closely with the Enterprise Risk and Information Security Officer to provide timely and quality service to ensure compliance with Neighborhoods information security and risk policies and procedures. The role is responsible for maintaining continuous monitoring of activities in support of the HiTrust control framework and supporting information security, risk, and compliance governance across the enterprise. It includes assisting in establishing information security requirements, evaluating business strategies and processes, developing applicable security standards, executing control assessments, and remediating identified control gaps.

• Responsible for the continuous monitoring program to assert the control environment is operating effectively.
• Develop Security Control Monitoring Test Plans and Schedule.
• Establish ownership of the controls, schedule regular assessments, and testing.
• Report control failures, and gaps to stakeholders, provide recommendations and assist in developing solutions, and prepare management reports to track remediation activities.
• Develop and implement security policies, procedures and requirements, collaborating with control owners to enforce and track compliance.
• Perform technology risk and controls assessments such as account control assessments for systems, applications, infrastructure, and operational processes.
• Track corrective action plans for identified information security issues.
• Maintain inventory of exceptions to Information Security policy, standard, control, and configuration requirements.
• Manage priorities, perform tasks in an orderly fashion, and meet deadlines.
• Demonstrate agility and flexibility with changing priorities.
• Develop Key IT Metrics (KPIs and KRIs) and prepare reports for the Enterprise Risk and Information Security Officer and Senior Leadership, reporting on Information Security program achievements, successes, challenges, and opportunities for improvement.
• Perform other duties as required.
• Corporate Compliance Responsibility – responsible for complying with Neighborhoods Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules, regulations, policies, and procedures as they apply to the role. Exercise due diligence to prevent, detect and report unlawful or unethical conduct by co‑workers, professional affiliates, and/or agents.

Required:

• Bachelor’s degree in computer science, information systems, or a related field, or equivalent education and relevant work experience.
• Minimum of five (5) years of experience in an information security or IT‑related professional role.
• Knowledge of security issues, techniques, and implications across computing platforms.
• Experience implementing and reporting on Continuous Monitoring of information security, risk, and privacy controls.
• Sound knowledge of the NIST Cyber Security Framework, Risk Management Framework, and Cloud Security Alliance Cloud Security Controls matrix.
• Experience with Information Security best practices.
• Strong written and verbal communication skills, professional attitude, and excellent references.

Preferred:

• Experience in Information Security within insurance or healthcare/health plan industries.
• Information Security certifications (CISSP, CISM, CISA, or Security+).
• Experience with Governance/Risk/Compliance (GRC) tools.
• Experience developing, communicating, and executing new programs.
• Aptitude for data collection and analysis, statistics, visual presentation methods, and process mapping and modeling.
• Experience reporting or presenting to senior management, the Board, and/or Committees of the Board on the status of information security.

Mid-Senior level

Full‑time

Information Technology

Insurance

Woonsocket, RI – $–$