This position is responsible for assisting with company-wide (Noridian and all affiliated organizations) project planning and documentation of internal Enterprise Security projects and Enterprise Security Company Projects. These activities include researching and documenting federal and state regulatory requirements, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Centers for Medicare and Medicaid Services (CMS) requirements, and standards as outlined by the National Institute of Standards and Technology, and maintaining documentation.
This position is responsible for coordinating and ensuring that computer/data security requirements within the IT Department and the company as a whole are being adhered to. The position will perform auditing, logging and monitoring on all systems and applications. Develop and assist in the development of departmental and company security policies and standards. Perform security guidance and audits. Participate in security-related projects as needed.
Perform security and risk assessments.
Maintain a knowledge base of applicable regulations and disciplines, and ensure they are being met.
Essential Functions
1) Lead Departmental and Company Project planning and implementation for security compliance and security initiatives
   a) Conduct initial and ongoing company-wide assessments for compliance with Noridian policies and regulatory requirements
   b) Coordinate, schedule, and lead project meetings
   c) Maintain documentation on the status of project plans
   d) Assist in the ongoing monitoring of implemented initiatives
   e) Lead Departmental and Company Initiatives to assist business units in becoming compliant with Noridian policies and regulatory requirements
   f) Develop and maintain complex multi-departmental project plans, schedules, and estimates for implementing security initiatives and departmental projects
2) Lead and coordinate the following security-related projects
   a) Business Contingency and Continuity Planning
   b) HIPAA-related initiatives
   c) CMS Security-related projects including the Enterprise Security Plan, Risk Assessment, and others as indicated by CMS
   d) Company and IT Security Initiatives
   e) Annual Recertification (Minimum Access)
3) Develop and maintain security management framework, which includes security policies, standards, and guidelines
   a) Develop and maintain a central repository for company-wide security administrative requirements for Enterprise Security policies and procedures
   b) Develop and maintain a central repository for other information related to security
   c) Support the maintenance of these policies and procedures. Ensure company and departmental security policies and procedures are reviewed and/or updated as required by regulatory mandates
   d) Assist in the monitoring of these policies and procedures
   e) Develop Enterprise Security Department and IT policies and procedures
   f) Develop company-wide policies and procedures as needed to support company, governmental, legal, and federal and state legislative initiatives
   g) Assist business units with development of policies and procedures that comply with Noridian policies
4) Security Audits and Security Plans
   a) Provide management during company audits and assist in maintaining the companies' Security Plans as required
   b) Work with other departments to provide guidance, based on regulations, policy and procedures, for implementation of appropriate security controls
   c) Provide guidance and oversight for internal and external Company and IT Audits
   d) Serve as Subject Matter Expert for company-wide audits and act as audit liaison
5) Security Reporting
   a) Work with Management and staff to resolve security incidents
   b) Develop security reports and reviews, and report security incidents to the companies' Compliance Departments, System Security Officers, and CIO in a timely manner
   c) Ensure reporting and auditing tools are upgraded to reflect revisions in regulations, operating environments, and applications
   d) Audit system and application logs to find security violations, vulnerabilities, and abnormalities
   e) Design, develop and maintain audit reporting programs and applications
   f) Design, develop and maintain computer-assisted audit techniques
   g) Develop technical detail and management summary reports
6) Regulations and continuing education requirements
   a) Maintain thorough knowledge of government regulations and security best practices including applicable standards, laws, rules and regulations, specifically FISMA, HIPAA, HITECH, NIST
   b) Provide guidance and technical expertise on regulatory controls relating to information security
   c) Participate as the departmental representative in company review of government regulations
   d) Assist with internal and external audits
   e) Manage assigned regulatory requirements such as FISMA, HIPAA, HITECH, NIST safeguards
   f) Maintain continuing security professional and/or certification requirements and attend Information Security Advisory Group meetings or security professional conferences and/or seminars
7) Security Incidents and Remediation
   a) Assist remediation efforts in identifying, rating and mitigating threats and vulnerabilities
   b) Perform incident handling for Computer Incident Response Team (CIRT) and assist with forensic analysis efforts as required
   c) Complete Corrective Action Plans, resolve audit findings and security issues, and ensure problems are resolved in an effective and timely manner
   d) Assign duties as required
8) Risk Management, Security Assessment, and Security procedures
   a) Review threats and recommend security controls, procedures and risk management strategies to reduce the risk to the Company
   b) Identify risk based on threat, exposure, and weakness and develop mitigating procedures or identify underlying risk
   c) Ensure department policy, procedures and security best practices are monitored and reported following departmental and company security reporting requirements
   d) Ensure that proper security measures, reports and audit trails are in place
   e) Formally evaluate security features of information products and systems
   f) Serve as department representative and provide security architecture and design to IT department
Requirements
Knowledge
· Advanced knowledge of auditing theories, techniques, and practices
· Working knowledge of Information Systems Development Principles, Secure Programming Concepts, and Systems Development Life Cycle
· General knowledge of the insurance industry
· Working knowledge of HIPAA and HITECH requirements
· Advanced knowledge of federal and state regulatory practices, including Federal Information Security Management Act requirements and NIST Special Publications 800 series
· Advanced knowledge of log analysis methodologies and techniques
· Advanced knowledge of information security principles and practices
· Working knowledge of computer applications: Microsoft Office Suite
· Advanced understanding of Incident Handling, Business Contingency Continuity Planning, and Disaster Recovery Concepts
· Advanced knowledge of security and risk assessment fundamentals
· Advanced understanding of security architecture and design principles, including security practices for operating systems, firewalls, networking, encryption, Intrusion Detection Systems, virtualization, web servers, databases, and applications
· Information Security Best Practices and IT Security regulations (CMS, Sarbanes-Oxley, FISMA, NIST)
· SQL query development
Abilities/Skills
· Information Security skills
· Ability to adjust to change and be flexible
· Ability to handle multiple tasks simultaneously
· Analytical skills
· Editorial skills for policy and procedure reviews
· Excellent communication skills, both written and verbal
· Organization and prioritization skills
· Research and investigative skills
· Time management skills
· Ability to travel if required
· Facilitation and management skills
· Effective presentation skills
· Coordination of project activities/planning
· Management skills
Education/Experience
Education: Requires a 4-year degree, preferably in business or information systems field, or two-year degree, preferably in information systems, and an additional two years' experience in Information Systems, Information Security, and/or Information Technology Auditing
Experience: Minimum of seven years of experience in Information Systems, Information Security, and/or Information Technology Auditing, with a minimum of three years' experience in Information Technology and a minimum of 4 years' experience in Information Systems Security and/or Information Technology Auditing
CISSP, CISA, or equivalent certification required
OTHER INFORMATION
Job Posting Policy 6.05
New employees with Blue Cross Blue Shield of North Dakota might be eligible to apply for positions within their assigned division after successfully completing a 90-day assessment. For positions outside your division, you must attain a minimum of six months of service before you can apply.
EQUAL OPPORTUNITY EMPLOYMENT
Equal Opportunity Employer of Minorities, Females, Protected Veterans and Individuals with Disabilities, as well as Sexual Orientation or Gender Identity.
0 Response to "Information Systems Risk Management Analyst - Noridian Mutual Insurance - Eagan, MN"