• Sr IT Risk Analyst (Information Security)

    Location US-IA-Des Moines
    Job ID
    212924
    Category
    Information Technology
    Requires Non-Compete?
    No
  • Job Summary

    Our Ideal Candidate: You are a self-starter who has a strong understanding of Information Security processes and are engaged by working with process owners to produce meaningful performance and/or risk measurements. You are energized by working collaboratively with team members and key stakeholders. You feel fulfilled when you see the bigger picture of what the data is telling us, and tell that story.  If this describes you ---> keep reading!  

     

    About the Career: In this role, you will be responsible for the evaluation of IT processes and technology. You will analyze in comparison against Wellmark policies and standards, industry standards and regulations, and best practices. You will also assess the effectiveness and identify any technology risks across all aspects of IT processes and technology. You will provide ongoing monitoring and reporting of actual performance versus goals, and partner with all Corporate Information Security (CIS) team members as well as cross-functional stakeholders to drive and manage deliverables.

     

    Why Wellmark Technology? At a time when technology is creating new business models, disrupting industries and creating valuable experiences for consumers, our role as technology team members must elevate an organization through innovative transformation, modernized technology and delivery of new business strategies, including an aim to continuously evolve and enhance the customer experience. At Wellmark, our technology transformation program is called ASCEND and is led by our empowered technology leaders and team members. Together, we are leaning into the future, owning the outcome and working together to transform how we work and what innovative solutions we deliver

    Minimum Qualifications Required (all must be met to be considered)

    • Bachelors degree or direct and equivalent work experience
    • Minimum 5 years’ experience in the following:
      • information security metrics development and reporting
      • identifying, communicating and facilitating responses to technology risks
      • controls assurance, including control definition, gap analysis, evidence gathering and controls testing, across a broad range of IT processes and technology
      • technology process development and continual process improvement
    • Demonstrated experience in various techniques in data manipulation and management (using software and systems; web based financial reporting tools, clinical based reporting tools,) to meet business reporting needs. Tools used may include: Access, Crystal, Report Smith, Business Objects, SAS (including use of macro variables), SQL Geo Access analysis tools, RFP Machine, and relational databases.
    • Demonstrated experience in obtaining relevant information/identify essential elements, and examine issues or inconsistencies; relate and compare data from different sources
    • Proven ability to compile and analyze data for the purpose of telling a story with the data/metrics
    • Demonstrated ability to communicate clearly and concisely when presenting findings to individuals or groups

     

     

    Hiring Specifications Preferred

    • Bachelors degree
    • Certified Information Systems Auditor CISA Information Systems Audit and Control Association ISACA
    • 7+ years experience in the following:
      • information security metrics development and reporting
      • identifying, communicating and facilitating responses to technology risks
      • controls assurance, including control definition, gap analysis, evidence gathering and controls testing, across a broad range of IT processes and technology
      • technology process development and continual process improvement

    Job Accountabilities

    a. Perform reoccurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks and assisting with action plans to move processes to a higher level of maturity.

    b. Define, manage and drive metrics and reporting framework that support data security reporting and metrics. Will partner with CIS team members and cross functional stakeholders to develop and manage a KPI/KRI metrics and reporting for CIS.

    c. In partnership with internal stakeholders, collect, analyze and produce customized reporting, provided to leadership across Technology, CISO and other members of senior leadership regarding the overall health of the information security program.

    d. Demonstrate creativity in how Wellmark measures all aspects of data risk. Will assist with technology risk identification, assessments, response and action planning across all areas of Wellmark Technology.

    e. Will create processes to ensure data sources deliver information that is accurate and timely. Collaborate with appropriate stakeholders to ensure data is complete and provide holistic reporting to enable business decisions and actions.

    f. Other duties as assigned.

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed