Senior IT Risk Analyst

About Blue Cross

Blue Cross and Blue Shield of Minnesota is one of the most recognized and trusted health care brands in the world with 2.5 million members. We’re committed to reinventing health care to improve health for our members and the community. We hope you'll join us.

How Is This Role Important to Our Work?

BCBS of MN is hiring a Senior IT Risk Analyst on our Security Risk Management team in Eagan, MN. In this role you will drive the management of information security risk through risk assessments, policy creation and governance, and the facilitation of attestation and audit activities for internal and external stakeholders. You will drive collaboration with cross-functional groups to enable the achievement of business objectives and the protection of customer data and company assets. May function in a lead role.

You will have at least 5 years of related experience, including 3 years of experience in IT Risk Management – control framework/concepts, SOC2 audit operations experience. Strong written and verbal communication skills are key to this role.

This role is hybrid, 2 days a week in office, out of Eagan, MN.

A Day in the Life:

• Develops and maintains company policies supporting the protection of sensitive information and company assets.
• Conducts assessments of organizational people, processes and technology against regulatory, industry, and company control requirements.
• Evaluates the likelihood and impact of identified threats to support the prioritization of risk responses.
• Facilitates the collaboration of technical and non-technical teams to develop risk mitigation plans and gain alignment on risk treatment.
• Communicates risk analyses and response recommendations to stakeholders and facilitates risk treatment decisions.
• Acts as a liaison between information security and assessors to support assessment and attestation activities to demonstrate the implementation and operation of information security processes and controls.
• Supports satisfaction of information security and compliance mandates.
• Drives the implementation of mitigating controls to address identified risks.
• Demonstrates information security program components as part of customer sales cycles and on-going due diligence activities.
• Develops and distributes security awareness and education content.
• Perform ad-hoc risk analyses and provide consultative risk management guidance to business areas leading organizational initiatives.
• Ensures coordination and collaboration with other organizational areas through clear and effective communication and support.

Required Skills and Experiences:

• 5+ years of related professional experience. All relevant experience including work, education, transferable skills, and military experience will be considered.
• Demonstrated ability to document understanding of business processes and technologies, including through process mapping, generating narratives, and crafting of executive summaries for easy consumption of complex topics.
• Demonstrated understanding of audit and assessment methodologies
• Strong level knowledge of technical, business, and industry
• Advanced oral and written communication and presentation skills
• Demonstrated experience working independently and through ambiguity
• Proficient in the use of PowerPoint, Word, Excel, Visio, and MS Project.

Nice to Have:

• Bachelor's degree in Information Assurance/Security is desirable.
• Relevant cybersecurity certification(s): CISSP, CCSP, CISA
• Cloud Service Provider Certification (e.g., AWS Cloud Practitioner, Azure Fundamentals, etc.) – required within 1 year of employment.
• Previous experience in an agile/product-led operating model.
• Previous experience in health management/insurance field.

Role Designation:

Hybrid Remote

Role designation definition: Teleworking is working full time remote. Hybrid is a combination of working onsite and remotely. Onsite is full-time onsite.

Make a difference

Blue Cross is an Equal Opportunity and Affirmative Action employer that values diversity. All qualified applicants will receive consideration for employment without regard to, and will not be discriminated against based on race, color, creed, religion, sex, national origin, genetic information, marital status, status with regard to public assistance, disability, age, veteran status, sexual orientation, gender identity, gender expression, or any other legally protected characteristic.

Reasonable Accommodation for Job Seekers with a Disability: If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to [email protected].

All roles require a high school diploma (or equivalency) and legal authorization to work in the U.S.

Blue Cross® and Blue Shield® of Minnesota and Blue Plus® are nonprofit independent licensees of the Blue Cross and Blue Shield Association.