Security Compliance Senior Analyst

Express Scripts Saint Louis , MO 63150

Posted 4 days ago

POSITION SUMMARY

Working within the Information Risk Management department, the Security Compliance Senior Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain specifically the SOC2 attestation portfolio. This individual will help create and maintain risk assessments to facilitate scoping and defining boundaries of the system. This individual will facilitate control mapping, control gap identification, gap remediation, risk mitigation, and external auditor interaction. This individual will assist in ensuring compliance to SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles.

ESSENTIAL FUNCTIONS

  • Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams.

  • Perform control alignment validation

  • Facilitate in identifying controls gaps ensuring sufficient remediation plans and tracking to timely resolution

  • Provide information for status reports and support stakeholder

  • Facilitate system and control understanding walkthrough meetings

  • Update and maintain system and process narratives

  • Support GRC tool implementation and workflows.

QUALIFICATIONS

  • Bachelor's degree in related field or 9 years of relevant experience.

  • 3 years relevant experience with Bachelor's Degree or Master's degree and 1 year of relevant experience

  • 2-5 years of experience in auditing or IT consulting

  • Experience with SOC2 reporting engagements, and Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.

  • Experience with other compliance frameworks such as SOX, SOC1, PCI, NIST, HIPPA preferred to supplement SOC2.

  • Ability to collaborate with control and technology owners to design and implement controls/processes that appropriately mitigate compliance risk.

  • Microsoft Office and ability to adapt to ESI proprietary systems.

  • Information technology risk management experience and proven ability to meet deadlines.

  • Understanding of information risk management concepts.

  • Ability to adapt in a dynamic work environment, learns quickly, solve problems, and make decisions with minimal supervision.

  • Excellent verbal and written communication and presentation skills.

  • Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.

  • Ability to develop process documentation.

  • Experience working with 'Agile' framework for project management is a plus

ABOUT THE DEPARTMENT

Do you enjoy the challenge of defending against security breaches? Put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged with maintaining a secure infrastructure day in and day out, while delivering an enterprise computing environment that resists breaches and disruptions. If you're as passionate about data security as we are, explore our opportunities.

ABOUT EXPRESS SCRIPTS

At Express Scripts, we dare to imagine a better health care system, and we're driven to make it happen. Where some see obstacles, we see possibilities. We're challengers, difference-makers and opportunity-seekers, united with our partners in pursuit of a simpler, more sustainable system and better health for all.

We have always acted first to take on the toughest challenges. We uniquely partner across the health care ecosystem to uncover opportunities, take action, advance health care and deliver better outcomes like no one else can. We believe health care can do more. We are Champions For BetterSM.

Express Scripts, part of Cigna Corporation, unlocks new value in pharmacy, medical and beyond to further total health for all.


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Compliance Senior Analyst

Accredo Health

Posted 4 weeks ago

VIEW JOBS 4/25/2019 12:00:00 AM 2019-07-24T00:00 POSITION SUMMARY Working within the Information Risk Management department, the Security Compliance Senior Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain specifically the SOC2 attestation portfolio. This individual will help create and maintain risk assessments to facilitate scoping and defining boundaries of the system. This individual will facilitate control mapping, control gap identification, gap remediation, risk mitigation, and external auditor interaction. This individual will assist in ensuring compliance to SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles. ESSENTIAL FUNCTIONS * Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams. * Perform control alignment validation * Facilitate in identifying controls gaps ensuring sufficient remediation plans and tracking to timely resolution * Provide information for status reports and support stakeholder * Facilitate system and control understanding walkthrough meetings * Update and maintain system and process narratives * Support GRC tool implementation and workflows. QUALIFICATIONS * Bachelor's degree in related field or 9 years of relevant experience. * 3 years relevant experience with Bachelor's Degree or Master's degree and 1 year of relevant experience * 2-5 years of experience in auditing or IT consulting * Experience with SOC2 reporting engagements, and Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles. * Experience with other compliance frameworks such as SOX, SOC1, PCI, NIST, HIPPA preferred to supplement SOC2. * Ability to collaborate with control and technology owners to design and implement controls/processes that appropriately mitigate compliance risk. * Microsoft Office and ability to adapt to ESI proprietary systems. * Information technology risk management experience and proven ability to meet deadlines. * Understanding of information risk management concepts. * Ability to adapt in a dynamic work environment, learns quickly, solve problems, and make decisions with minimal supervision. * Excellent verbal and written communication and presentation skills. * Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames. * Ability to develop process documentation. * Experience working with 'Agile' framework for project management is a plus ABOUT THE DEPARTMENT Do you enjoy the challenge of defending against security breaches? Put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged with maintaining a secure infrastructure day in and day out, while delivering an enterprise computing environment that resists breaches and disruptions. If you're as passionate about data security as we are, explore our opportunities. ABOUT EXPRESS SCRIPTS At Express Scripts, we dare to imagine a better health care system, and we're driven to make it happen. Where some see obstacles, we see possibilities. We're challengers, difference-makers and opportunity-seekers, united with our partners in pursuit of a simpler, more sustainable system and better health for all. We have always acted first to take on the toughest challenges. We uniquely partner across the health care ecosystem to uncover opportunities, take action, advance health care and deliver better outcomes – like no one else can. We believe health care can do more. We are Champions For BetterSM. Express Scripts, part of Cigna Corporation, unlocks new value in pharmacy, medical and beyond to further total health for all. Accredo Health Saint Louis MO

Security Compliance Senior Analyst

Express Scripts