Senior Information Security Analyst (43555)

This position will work closely with the Enterprise Risk and Information Security Officer to provide timely and quality service to ensure compliance with Neighborhoods information security and risk policies and procedures. This position will be responsible for maintaining continuous monitoring of activities in support of the HiTrust control framework. The Information Security Senior Analyst is a member of an oversight function and supports information security, risk, and compliance governance across the enterprise. This role will assist in establishing information security requirements through the evaluation and understanding of business strategies and processes, developing applicable information security standards, executing control assessments to provide recommendations and develop requirements to remediate identified control gaps.

Duties and Responsibilities

Responsibilities include, but are not limited to, the following:

• Responsible for the continuous monitoring program to assert the control environment is operating effectively.
• Develop Security Control Monitoring Test Plans and Schedule.
• Establish ownership of the controls, schedule regular assessments, and testing.
• Report control failures, and gaps to stakeholders, provide recommendations and assist in developing solutions, and prepare management reports to track remediation activities.
• Development and implementation of security policies, procedures and requirements, as well as, collaboration with control owners to help implement and track enforcement of output.
• Performs technology risk and controls assessments such as account control assessments for systems, applications, infrastructure, and operational processes.
• Tracks corrective action plans for identified information security issues.
• Maintains inventory of exceptions to Information Security policy, standard, control, and configuration requirements.
• Manages priorities, performs tasks in an orderly fashion, and meets time deadlines.
• Demonstrates agility and is flexible with changing priorities.
• Development of Key IT Metrics (KPIs and KRIs) and prepares reports for the Enterprise Risk and Information Security Officer and Senior Leadership, reporting on Information Security program achievements, successes, challenges and opportunities for improvement
• Performs other duties as required.
• Corporate Compliance Responsibility - As an essential function, responsible for complying with Neighborhoods Corporate Compliance Program, Standards of Business Conduct, applicable contracts, laws, rules and regulations, policies and procedures as it applies to individual job duties, the department, and the Company. This position must exercise due diligence to prevent, detect and report unlawful and/or unethical conduct by fellow co-workers, professional affiliates and/or agents.