Inland Empire Health Plans
Engineer - Cybersecurity GRC Specialist
Inland Empire Health Plans, Rancho Cucamonga, California, United States, 91739
What you can expect!

Find joy in serving others with IEHP! We welcome you to join us in “healing and inspiring the human spirit” and to pivot from a “job” opportunity to an authentic experience!

The Engineer - Cybersecurity GRC Specialist is a mid-level position in Cybersecurity governance, risk, and compliance functions. This position is responsible for routine operation activities to assure that IEHP security program can demonstrate compliance with regulatory requirements and manage cyber risk properly to safeguard the company’s digital footprint.

This position oversees security assessments, control testing, and regulatory compliance. Responsibilities include coordinating assessment functions, updating control matrices, recommending improvements, ensuring adherence to information security policies, and collaborating with auditors to safeguard protected data. Leadership in implementing the enterprise information security program through expertise in security analysis, risk assessments, awareness initiatives, and policy development is required.

Key Responsibilities:
- Implement security controls, risk assessment framework, and compliance program aligning with regulatory requirements to advance business objectives.
- Evaluate risks and develop security policies, procedures, and controls to manage risks and improve security positioning compliance with NIST cybersecurity framework, HIPAA, and PCI-DSS.
- Implement processes to automate monitoring of security controls, risks, testing, and develop reporting metrics and dashboards.
- Define and document control ownership, schedule assessments, test control effectiveness, and create risk profile reports.
- Engage and support stakeholders to implement privacy enhanced technologies to safeguard PII/PHI and other confidential information.
- Participate and support ongoing GRC workstreams such as internal and external audits, risk assessments, incident response, exposure management, penetration testing, and social engineering tests.
- Document control failures, provide remediation guidance, and prepare management reports tracking remediation activities.
- Partner in governance, management, and oversight of all core security program functions.
- Provide security communications and awareness training and guide other department or projects on security risk identification and remediation.
- Remain current on best practices and act as technical resource for regulatory compliance.
- Perform any other duties as required to ensure Health Plan operations and department business needs are successful.

Commitment to Quality:
The IEHP Team is committed to incorporate IEHP’s Quality Program goals including, but not limited to, HEDIS, CAHPS, and NCQA Accreditation.

Perks
IEHP is not only committed to healing and inspiring the human spirit of our Members; we also aim to match our Team Members with the same energy by providing prime benefits and more:
- CalPERS retirement
- 457(b) option with a contribution match
- Generous paid time off - vacation, holidays, sick
- State of the art fitness center on-site
- Medical Insurance with Dental and Vision
- Paid life insurance for employees with additional options
- Short-term, and long-term disability options
- Pet care insurance
- Flexible Spending Account – Health Care/Childcare
- Wellness programs that promote a healthy work-life balance
- Career advancement opportunities and professional development
- Competitive salary with annual merit increase
- Team bonus opportunities

Education & Experience
- Bachelor’s degree in information systems security, a computer related field, or similar technical field, from an accredited institution required.
- Four (4) or more years of experience as a Cybersecurity Engineer with a focus on cybersecurity governance, compliance, and risk management required.

Key Qualifications
One (1) or more of the following security certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in Governance of Enterprise IT (CGEIT), GIAC Security Essentials Certification (GSEC), CompTIA Security+.

In depth understanding and comprehensive knowledge in the following areas:
- Information security management, governance, and compliance principles, practices, laws, rules, and regulations.
- Information technology systems and processes, network infrastructure, application architecture, data processes, and protocols.
- Expertise in cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
- Information systems auditing, monitoring, controlling, and assessment processes.
- Incident response management methodologies and procedures.
- Risk assessment and management methodologies.
- Expertise in developing and implementing enterprise governance, risk, and compliance strategies and solutions.
- Researching and locating information related to internal and external organizations using online and other sources.
- Strong project management and planning skills in the security domain.
- Skilled in troubleshooting and operating computer systems and various software packages effectively.
- Adept at defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions.
- Excellent communication skills to effectively convey technical information to diverse audiences, both in writing and verbally.
- Proficiency in evaluating, updating, and revising program materials.
- Strong interpersonal skills to interact positively with staff, the Board, the public, and regulatory agencies, promoting quality service and effectiveness.

Proven ability to:
- Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
- Possess a quick learning capability to apply knowledge to new situations.
- Show aptitude for handling sensitive and confidential matters, situations, and data with utmost discretion.
- Possess a capacity to understand and follow broad and complex instructions.
- Comprehend technical language and confer, analyze, and write in an objective and lucid manner.
- Work independently, prioritize multiple tasks, and adapt to needed changes.
- Composure to remain calm under high-pressure and difficult situations.
- Maintain confidentiality and handle sensitive information with utmost discretion.
- Use sound judgment and ingenuity in maintaining objectives and technical standards.

Start your journey towards a thriving future with IEHP and apply TODAY!