Senior Information Security Risk Oversight

Profile

Description

The Senior Information Security Risk Oversight Engineer evaluates, tests, recommends, develops, coordinates, and monitors information systems (IT) and cyber security policies, procedures and systems, including access management for hardware, firmware and software. The Senior Information Security Risk Oversight Professional works assignments involve moderately complex to complex issues where the analysis of situations or data requires an in-depth evaluation of variable factors.

Responsibilities

The Senior Information Security Risk Oversight Engineer helps to ensure that IT and cyber security architecture/designs, plans, controls, processes, standards, policies and procedures are aligned with IT standards and overall IT and cyber security. Identifies security risks and exposures, determines the causes of security weaknesses and suggests procedures to halt future incidents and improve security. Develops techniques and procedures for conducting IT and cyber security risk assessments and compliance audits, the testing for possible impact on system security, and the investigation and resolution of security incidents. Implements IT and cyber security policies and takes measures against intrusion, frauds, attacks or leaks. Begins to influence department's strategy. Makes decisions on moderately complex to complex issues regarding technical approach for project components, and work is performed without direction. Exercises considerable latitude in determining objectives and approaches to assignments.

In this position, you will work closely with areas such as information technology, information protection, data governance, privacy, compliance, vendor management, and first line risk management teams

Partners with operational leaders and SMEs to understand strategy and approach to information security risk management.

Stays current on information security and technology trends including threats, vulnerabilities, and controls/solutions.

Assesses the quality of the controls of company and helps to ensure adherence to policies and standards.

Evaluates information security and data governance and evaluates processes and controls for design, operational effectiveness, and alignment to industry standard frameworks.

Advises and consults with business partners on information security risk management to help inform direction and decision making.

Develops and reports metrics that provide transparency about risks and controls associated with IT and data risks. Makes reports and data visible to stakeholders and communicates to appropriate committees.

Coordinates with data privacy and compliance areas to help ensure applicable data protection requirements are implemented.

Partners with the company vendor risk management and business continuity teams to assess the cyber resiliency and information security risk management posture of our supply chain.

Competencies for the role:

Understanding of data protection and privacy regulatory environment and requirements

Experience in understanding technology strategies and identifying/reviewing risk management plans

Skilled at evaluating security policies, standards, and best practices

Skilled at identifying security risks and exposures, determines the causes of security weaknesses and suggests procedures to halt future incidents and improve security

Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances

Excellent communication skills with the ability to influence others

Analytical and problem solving skills

Required Qualifications

Bachelor's Degree or equivalent work experience

5 years of related experience in Information Security, Information Assurance, Risk Management, Audit and/or Information Technology risk and controls

3 or more year of Information Security assessment or compliance experience

Preferred Qualifications

Master's Degree in Computer Science, Information Technology or a related field

Certifications: CISA, CISSP, HCISPP, CCSP, CRISC, and/or CISM

Scheduled Weekly Hours

40

Company info

Humana Inc.
Website : http://www.humana.com