Blue Cross Blue Shield of Alabama
Cybersecurity Analyst
Blue Cross Blue Shield of Alabama, Birmingham, Alabama, United States, 35275
Overview
Information Security works to maintain the confidentiality and integrity of all company proprietary information as well as protected health information. The department works across company lines to ensure that appropriate measures are taken to maintain compliance with regulatory requirements and with generally accepted information security best practices.
Primary Responsibilities
The Cybersecurity Analyst will focus on assessing and managing cybersecurity risks associated with third-party vendors and suppliers. This role ensures that external partners meet the organization's security standards and regulatory requirements, reducing exposure to supply chain threats.
Vendor Risk Assessment: Conducting detailed cybersecurity risk assessments for high-risk vendors at onboarding and periodically throughout the relationship
Policy & Compliance: Ensuring vendor contracts include appropriate cybersecurity clauses covering data protection, incident response, and compliance obligations
Continuous Monitoring: Implementing and maintaining ongoing monitoring of vendor security posture using questionnaires, risk scoring, and automated tools
Risk Reporting: Documenting and reporting vendor risk metrics, remediation plans, and compliance status to leadership and governance committees
Collaboration: Working closely with procurement, legal, and business units to align vendor risk management with enterprise risk tolerance
Incident Response: Participating in incident planning and response activities involving vendors, including tabletop exercises and post-incident reviews
Integration: Incorporating vendor risk considerations into business continuity and disaster recovery planning
Regulatory Alignment: Staying current on regulatory requirements and industry standards related to third-party risk management
Summary of Qualifications
Bachelor's degree, preferably in Information Systems or a related field; or in lieu of a degree, 3 years' experience in Information Systems with direct experience in Information Security functions
Minimum of 2 years of information technology experience
Strong background in Information Technology and information security techniques and tools
Excellent human relations, listening, speaking and written communication skills in order to explain and discuss technical risks in both technical and business terms
Experience thinking logically and analytically to collect and analyze data that guides decision making
Demonstrated and effective team leadership skills in order to lead teams, including developing control strategies, project plans, monitoring progress, and promoting quality and timeliness from the team
Experience creating, understanding and utilizing complex processes
Experience facilitating initiatives that challenge or change existing processes
Certified Information Security Professional (CISSP) certification or Certified Information Systems Auditor (CISA) preferred
Experience in contract review for cybersecurity clauses preferred
Knowledge of supply chain risk management and vendor lifecycle processes preferred
Foundational knowledge of core information security concepts, such as multi-factor authentication (MFA), access control, encryption, secure authentication principles and general security best practices preferred
Major professional certification applicable to Information Security preferred
*This position may be filled at a higher level based on experience*
Work Location
The work schedule for this position will be hybrid (onsite/remote). Business areas reserve the right to require associates to return to the office as needed, based on performance or other business considerations. A hybrid work schedule is subject to amendment or termination at any time by the Company.
Terms and Agreements
By submitting a job application, I attest that all information to the best of my knowledge is true and accurate. Furthermore, I understand that any information provided by me throughout the job application process is subject to verification including, but not limited to, work experience, education, assessment (test) and interviews. We appreciate your interest in Blue Cross and Blue Shield of Alabama 'The Company'. The Company does not discriminate in hiring or employment on the basis of race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, genetics, status as a disabled or protected veteran, or because of citizenship status in the case of a citizen or intending citizen. No question on this application is intended to secure information to be used for such discrimination. Blue Cross and Blue Shield of Alabama is an independent licensee of the Blue Cross and Blue Shield Association.