Information Security Risk and Compliance Analyst III

Recruiter
L.A. Care Health Plan
Location
Los Angeles
Salary
Competitive
Posted
28 Feb 2023
Closes
21 Mar 2023
Employer Sector
Technology, IT & Telecoms
Contract Type
Permanent
Hours
Full Time
Salary Range: $121,056.00 (Min.) – $160,400.00 (Mid.) – $199,742.00 (Max.) Established in 1997, L.A. Care Health Plan is an independent public agency created by the state of California to provide health coverage to low–income Los Angeles County residents. We are the nation's largest publicly operated health plan. Serving more than 2 million members in five health plans, we make sure our members get the right care at the right place at the right time. Mission: L.A. Care's mission is to provide access to quality health care for Los Angeles County's vulnerable and low–income communities and residents and to support the safety net required to achieve that purpose. As a condition of employment, L.A. Care requires a COVID–19 vaccine. This requirement includes our remote workforce. If you would like to request an exemption, L.A. Care has implemented a process to consider exemptions, for documented medical conditions and sincerely held religious beliefs. L.A. Care will review all exemption requests prior to proceeding with the recruitment process. Job Summary The Information Security (InfoSec) Risk and Compliance Analyst III aligns with the privacy and compliance teams to develop, review, update, and disseminate the policies, standards, and processes required to maintain compliance throughout the organization. This position is responsible for maintaining and operating InfoSec's, risk, and compliance responsibilities. The InfoSec Analyst works closely with CDOC Analysts, LAC's Compliance department, and other IT teams to gather data and manage risk in the environment. Acts as a Subject Matter Expert, serves as a resource and mentor for other staff. Duties Performs security assessments, categorize and prioritize assessment findings, responds to audit requests, monitors for adherence to policies and procedures, and triages the InfoSec request queue. Performs all regulatory assessments including HIPPA, Security Controls Review and Accreditation. Performs daily risk management activities including maintaining the Organizational Risk Register and documentation. Manages phishing campaigns, tabletop exercises, and conducts security awareness trainings. Cross trains with the CDOC Analysts. Performs third–party risk assessments. Executes procedures to assess and measure compliance with the organization's security policies and procedures. Partners with internal teams such as Compliance and Privacy to review all regulatory changes and works with the engineers to ensure their solutions are in compliance with regulatory requirements. Documents, investigates, and reports security compliance issues. Participates in the resolution of risk and compliance issues with appropriate stakeholders. Collaborates with the Compliance department and the IT Risk and Audit team for assessments, audit requirements, and Corrective Action Plan (CAP) remediation's. Applies subject expertise in evaluating business operations and processes. Identifies areas where technical solutions would improve business performance. Consults across business operations, providing mentorship, and contributing specialized knowledge. Ensures that the facts and details are correct so that the project's/program's deliverable meets the needs of the department, and organization policies, standards, and best practices. Provides training, recommends process improvements, and mentors junior level staff, department interns, etc. as needed. Performs other duties as assigned. Education Required Bachelor's Degree In lieu of degree, equivalent education and/or experience may be considered. Education Preferred Experience Required: At least 6 years of experience in information security or technology. Operational experience assessing enterprise–wide GRC strategies and solutions. Operational experience in a regulated environment (eg, classified networks, healthcare, finance, banking, etc.). Preferred: Experience with Vulnerability Management and/or Security Information and Event Management (SIEM) platforms. Operational experience monitoring cloud computing (eg, AWS, Azure, etc.) and SaaS environments. Skills Required: Strong knowledge of information security risk and compliance principles, practices, laws, and regulations in a healthcare environment. Understanding of risk, and compliance activities and providing documentation for audit investigations. Strong communication skills verbal and written. Ability to collaborate with internal and external key stakeholders. Understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP/S, etc.). Understanding of Windows and Linux operating system fundamentals. Licenses/Certifications Required Certified Information Systems Security Professional (CISSP) Licenses/Certifications Preferred Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified Risk and Information Systems Control (CRISC) Required Training Additional Information L.A. Care offers a wide range of benefits including Paid Time Off (PTO) Tuition Reimbursement Retirement Plans Medical, Dental and Vision Wellness Program Volunteer Time Off (VTO) At L.A. Care, we value our team members' safety. In order to keep our work locations safe, each employee is required to self–screen for symptoms prior to entering any L.A. Care location each day. L.A. Care and all of its staff are required to comply with all state and local masking orders. Therefore, when on–site at any L.A. Care location, employees are expected to wear a mask in areas where physical distancing cannot be managed. Nearest Major Market: Los Angeles Job Segment: Risk Management, Finance