Information Security Analyst I

We are hiring for an Information Security Analyst I within the Enterprise Information Security Office at Blue Cross Blue Shield of Michigan (BCBSM).

About the Role:

The Info Security Analyst I works directly with the customers, third parties and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk. They also communicate and educate IT and the business about security policies and industry standards and provide solutions for enterprise/business security issues.

In this Info Security Analyst I opportunity, responsibilities will include:

• Provide expertise and assistance to ensure the company's infrastructure and information assets are protected. Update, maintain, and document security controls and provide direct support to the business and internal IT groups.
• Maintain awareness of current business processes and their security risks and focused on ensuring security controls are effective across multiple domains of technologies and business processes.
• Support the work of identifying requirements for security controls and of performing information security risk assessments across multi-faceted projects that are accomplishing business objectives.

Additional aspects/functions of the role may include:

Plan, execute information security initiatives for one functional area related to risk management, mitigation and response, compliance, control assurance, and user awareness. Assist in developing and driving security strategies, policies/standards, ensuring the effective of solutions, and providing security-consultative services to the organization.

• Participate with team(s) to gather a full understanding of project scope and business requirements. Maintain awareness of current business processes and their security risks.
• Run security analysis reports using commercial tools or custom scripts and documents gaps.
• Participate in recovery drills. Provide security support for application- and infrastructure-related projects to ensure that security issues are addressed throughout the project life cycle. Provide responsive support for problems found during normal working hours as well as outside normal working hours.
• Assist/perform in security assessments and performs security attestations. Inspect security logs to uncover possible security violations (e.g., break-ins, unauthorized activity).
• Respond to security incidents and assists in forensic investigations.
• Propose improvements and assist in the implementation of enterprise-wide security policies, procedures and standards to meet compliance responsibilities. Track changes to security policies, procedures, standards and system configurations. Monitor compliance with security policies, standards, guidelines and procedures. Ensure security compliance with legal and regulatory standards.
• Perform security monitoring and reporting, analyze security alerts and escalate security alerts to local support teams.