Info Security Exec Advisor - IT Risk/Audit Expert - PS30608

Location: Richmond, VA
Job Family: Information Technology
Req #: PS30608-2088
Date Posted: Jul 9, 2020

Description

SHIFT: Day Job

SCHEDULE: Full-time

Anthem, Inc. is one of the nation's leading health benefits companies and a Fortune Top 50 company. At Anthem, Inc., we are working together to transform health care with trusted and caring solutions.

Bring your expertise to our innovative culture where you will have the opportunity to make a difference in people’s lives, and to take your career further than you can imagine.

The role is responsible for supporting the maturation of a “center of excellence” around IT and IS control monitoring, advisement and consultation with the corporate-wide IT/IS Policies and Control Framework. The role will assist in the overall controls monitoring program and interface with internal and external auditors. The role entails assessing the effectiveness of internal controls and ensuring that operating systems and processes are functioning in accordance with the overall company (SOX, SOC, PCI, cloud, etc.) control framework. This individual will provide leadership to IT Operations to help drive the assurance strategy and ensure that control activities and remediation are completed on a timely basis.


Work will include developing and assessing any in-scope IT functions for new/expanded SOX/SOC1/SOC2 audits or compliance of new/migrated systems. Will also support and partner with the IT/IS organization as part of the overall team focus. Basic position expectations also include ensuring stability and compliance with audit and regulatory requirements/mandates, and maintaining a master control workbook and audit calendar of activities. Will partner with IT OPS leaders across key IT general control domains (logical security, change management, cyber security, asset management, etc.) in ensuring that key control activities are embedded within operational processes and technical systems.


Position may also help develop strategic and tactical plans for a comprehensive enterprise-wide information security program and consult on the development of policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted IT general and information security controls. May also support IT Operations in the selection and delivery of strategic network security, access control and secure transaction/messaging solutions.


Primary duties may include, but are not limited to:


  • Advise on and participate in IT and IS controls monitoring activities in order to partner with IT and IS Operational leaders to counsel on standard control execution.

  • Support IT leaders with controls remediation plans and IT process improvement and remediation activities to meet stringent regulatory and audit requirements.

  • Participate in and advise on all internal control assessment and audit management activities in support of the IT compliance activities.

  • Assesses risk of IT systems and operational processes, and participates in IT Risk Assessment procedures.

  • Help document IT/IS business processes dependent on information technology.

  • Research relevant IT and IS regulatory, compliance and audit trends across healthcare, business, competition and regulatory environments; recommends strategy adjustments.

  • Help develop and implement education, training and other mechanisms used to ensure compliant behavior for adequate internal controls.

  • Provides company management with consultative support in controlling and/or enhancing processes and systems in compliance with policies and regulations focused on SOX, SOC and other regulatory guidance.

  • Coordinates with the IT Operations Leadership in development and compilation of additional controls and continuous compliance improvement activities.

  • Support IT OPS throughout the audit process from pre-audit preparedness activities to post-audit meetings in gathering information, reporting results and recommending process improvement actions.

  • Discusses significant audit findings and proposed corrective action with management and drives compliance-related changes across all IT functional areas.

  • Performs follow-up to ensure appropriate corrective action has been taken to resolve any identified internal control weakness. 

  • Performs consultative services and/or special investigative assignments, as requested by IT senior management.

  • Support the development of third-party partner control monitoring and assurance strategy in line with SOC and other regulatory requirements.

  • Supports the establishment of architecture oversight and planning for information and network security technologies.

  • Supports development of an information security risk management program that includes business, regulatory, industry practices and technical environment considerations.

  • Supports the establishment of strategic vendor relationships for security products and services; advises on enterprise-wide security incident response plans and strategies that include integration with business, compliance, privacy, and legal constituents and requirements.

  • Creates presentations and seeks IT and business management input on significant replacements or reconfigurations of major security technologies and processes serving the Enterprise.

  • Can provide technical guidance and leadership to the technical engineers within the organization. Can participate in the design of the enterprise architecture and asset management protocols.


Qualifications

Must be capable of providing top-tier support for 6 or more of the information security technology common body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management, 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Telecommunications and Network Security.

Requires BS/BA in related field; 10+ years of experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management; significant experience with multiple technical and business disciplines required; requires broad-based experience to plan and design highly complex systems; or any combination of education and experience, which would provide an equivalent background.

Anthem, Inc. is ranked as one of America’s Most Admired Companies among health insurers by Fortune magazine and is a 2018 DiversityInc magazine Top 50 Company for Diversity. To learn more about our company and apply, please visit us at antheminc.com/careers. An Equal Opportunity Employer/Disability/Veteran

Please be advised that Anthem only accepts resumes from agencies that have a signed agreement with Anthem. Accordingly, Anthem is not obligated to pay referral fees to any agency that is not a party to an agreement with Anthem. Thus, any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Anthem.