Bringing peace of mind through better health to our customers and communities
Senior Information Security Governance, Risk and Compliance Analyst
Location
EST (UTC-5)
Posted
3 days ago
Salary
0
Seniority
Senior
Job Description
Senior Information Security Governance, Risk and Compliance Analyst
BlueCross BlueShield of Tennessee
Role Description We are hiring a Sr. Information Security Governance, Risk, and Compliance (GRC) Analyst at BlueCross BlueShield of Tennessee! In this role, you will help strengthen and mature BCBST’s information security governance program by leading risk management, compliance, and assurance initiatives across the enterprise. - Serve as a key contributor in developing and maintaining Systems Security Plans (SSPs). - Partner with technology and business stakeholders to support audit readiness efforts. - Manage security controls, assess risk, and ensure alignment with industry frameworks and regulatory requirements. - Protect organizational assets while helping BCBST maintain a strong security and compliance posture. To be successful in this role, you'll bring strong cybersecurity knowledge, exceptional technical writing skills, and experience translating complex security requirements into clear, actionable documentation. - Experience developing Systems Security Plans (SSPs). - Supporting audit and compliance activities. - Working with security frameworks and control management programs. - Collaborating across technical teams to manage risk. Professional certifications such as CISA, CISM, or CISSP are highly preferred. Note: This is a remote, work-from-home position, but the final round of interviews will take place on-site in our Chattanooga, TN office. Candidates must be able to work Eastern Time Zone business hours. Participation in an on-call rotation is required for approximately two weeks every 30 weeks. Sponsorship is not available for this role. Qualifications - Bachelor’s degree in a relevant field or an equivalent of four years of experience is required. - 5 years of professional experience in Information Security or related IT roles with security-related responsibilities, including at least 2 years focused on Governance, Risk, and Compliance (GRC) functions. - Experience leveraging AI-enabled tools to automate and enhance GRC processes preferred. Requirements - Preferred certifications: CISSP, CRISC, CISA, or CISM. - Ability to assess and document organizational risks, including identifying impacts and recommending mitigation strategies. - Ability to interpret and apply regulatory requirements and industry frameworks (e.g., NIST, SOC 2, HIPAA) to organizational controls. - Ability to analyze security, compliance, and risk metrics to identify trends and drive continuous improvement. - Ability to communicate complex risk and compliance concepts clearly to both technical and non-technical stakeholders. - Ability to collaborate effectively across cross-functional teams to integrate governance, risk, and compliance practices into business processes. - Exceptional time management skills. - Excellent oral and written communication skills. - Strong interpersonal skills and ability to cultivate relationships with internal and external stakeholders. - Ability to work with all levels of staff and management. Company Description
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
IT Security Analyst
Lakeside SoftwareLakeside Software helps IT teams monitor and optimize environments by focusing on the quantified end-user experience.
• Conduct comprehensive security assessments to identify potential vulnerabilities in our Azure systems, networks, and applications. • Use Endpoint Device Management (EDM) solutions to remediate identified vulnerabilities through automated patch deployment. • Collaborate with engineering teams to address vulnerabilities that fall outside the scope of automated patching. • Utilize industry standard tools and methodologies to perform assessments and identify security gaps. • Execute regular vulnerability scans to uncover security weaknesses and ensure compliance with security policies, and regulations. • Analyze scan results, prioritize vulnerabilities based on risk, and recommend corrective actions. • Monitor and review Indicators of Compromise (IOC) to detect and respond to potential security incidents. • Analyze threat intelligence and perform investigations to prevent or mitigate security breaches. • Collaborate with internal teams and external partners to contain and resolve security threats promptly. • Perform routine review of alerts and security logs to identify anomalous activity, escalate confirmed incidents, and maintain documentation of findings. • Conduct and document periodic user access reviews across systems and applications to support least-privilege controls and satisfy audit requirements. • Assist in responding to customer and prospect security questionnaires, including DDQs and vendor risk assessments, by accurately documenting Lakeside’s controls, certifications, and security practices in alignment with our security program and approved disclosure posture. • Performing special projects as required
ISSO Security Analyst
MKS2 TechnologiesAustin-based SDVOSB delivering application development, cybersecurity, instructional design and training to DOD and VA.
• As a Security Analyst on our team, you’ll use your experience to work with Veterans Affairs (VA) Information System Owners (ISO), Information System Security Officers (ISSO), site managers, and other system stakeholders to coordinate and drive the completion of Risk Management Framework (RMF) steps 0-6 ATO activities and requirements, identify and mitigate risks, escalate project risks to leadership, understand and apply VA authorization policies and processes, and provide information system security expertise. • You'll ensure the appropriate operational security posture is maintained for information systems throughout the system’s lifecycle from product acquisition and installation through decommission. • You will complete and maintain very detailed security documentation and coordinate to execute ATO support duties that document security details related to system installations, a variety of IT systems, networks, hardware, and software in a variety of complex and simple installation sites. • You’ll work with your client to translate security concepts into actionable, implementable solution recommendations to help the client make informed security decisions from all aspects of IT deployments ensuring full commissioning is completed through deployment into production and decommissioning. • This is your opportunity to act as an information security and RMF subject matter expert while broadening your skills in cybersecurity.
• Gestão e acompanhamento de vulnerabilidades; • Monitoramento e investigação de eventos de segurança; • Apoio na operação e evolução de soluções SIEM; • Gestão de identidades e acessos (IAM); • Apoio na implementação de controles de segurança em ambientes Cloud AWS; • Participação em análises e tratamento de incidentes de segurança; • Elaboração e manutenção de políticas, procedimentos e controles de segurança; • Apoio às iniciativas relacionadas à LGPD e boas práticas de governança; • Interação com times técnicos para evolução contínua da postura de segurança da organização.
Senior Cybersecurity Analyst
Law School Admission Council (LSAC)LSAC is a not-for-profit organization committed to quality, access, and equity in law and education.
• Improve, manage, and provide direction re: LSAC Security Policies, Procedures, and Best Practices and maintain and enhance the formal Security Systems Program. • Assist in the Development of effective Cybersecurity policies to address existing and future threats such as AI computer policies, data governance and compliance. • Perform IT Security inspections, tests, system level audits and reviews of existing IT software and hardware to support and conduct the annual reviews to ensure compliance with SOC2, IT and Financial Audits, PCI/DSS, etc. • Evaluate and recommend new Security products and services (hardware and software). • Consult, monitor, and report on Security systems, e.g. such as intrusion prevention and detection systems, VPNs, and firewalls. • Perform network and system vulnerability scans and penetration testing on workstations, servers, network devices, and other computer systems and work with appropriate groups to close Security gaps. • Develop and support the development of automated tools that analyze the Security violations found in access control logs to discover patterns and evidence of problems. • Provide consultation and assistance to Infrastructure, Executive Staff, and other staff from other departments relating to information and systems Security. • Maintain a high level of confidentiality in identifying and aiding in resolving Security issues. • Monitor the networks and websites for the proper Security procedures, software configuration, and signs of compromise or attempted compromise. • Actively promote and enhance Security Awareness programs to LSAC staff and partnering with the Human Resources Department. • Participate in all Information Security projects and attend meetings to provide input and recommendations on issues that have an impact on LSAC’s Security infrastructure. • Evaluate and recommend solutions to current or potential Security threats as they relate to the data and computing environment. • Participate as a member of the Security Incident Response Team and Test Security Task Force. • Respond to Security incidents providing critical documentation and consultation by preserving all records indicating changes made to access control lists to facilitate investigations, as well as involvement to the response, root cause analysis, and implementation of a solution. • Keep abreast of the trends and issues in the industry related to Computer Security.




