Working within the Information Risk Management department, the Security Compliance Senior Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain specifically the SOC2 attestation portfolio. This individual will help create and maintain risk assessments to facilitate scoping and defining boundaries of the system. This individual will facilitate control mapping, control gap identification, gap remediation, risk mitigation, and external auditor interaction. This individual will assist in ensuring compliance to SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles.
Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams.
Perform control alignment validation
Facilitate in identifying controls gaps ensuring sufficient remediation plans and tracking to timely resolution
Provide information for status reports and support stakeholder
Facilitate system and control understanding walkthrough meetings
Update and maintain system and process narratives
Support GRC tool implementation and workflows.
Bachelor's degree in related field or 9 years of relevant experience.
3 years relevant experience with Bachelor's Degree or Master's degree and 1 year of relevant experience
2-5 years of experience in auditing or IT consulting
Experience with SOC2 reporting engagements, and Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles.
Experience with other compliance frameworks such as SOX, SOC1, PCI, NIST, HIPPA preferred to supplement SOC2.
Ability to collaborate with control and technology owners to design and implement controls/processes that appropriately mitigate compliance risk.
Microsoft Office and ability to adapt to ESI proprietary systems.
Information technology risk management experience and proven ability to meet deadlines.
Understanding of information risk management concepts.
Ability to adapt in a dynamic work environment, learns quickly, solve problems, and make decisions with minimal supervision.
Excellent verbal and written communication and presentation skills.
Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames.
Ability to develop process documentation.
Experience working with 'Agile' framework for project management is a plus
ABOUT THE DEPARTMENT
Do you enjoy the challenge of defending against security breaches? Put your skills to work at an organization trusted to protect client, patient and company data amid the ever-changing landscape of information security threats and risks. Our cyber defenders are challenged with maintaining a secure infrastructure day in and day out, while delivering an enterprise computing environment that resists breaches and disruptions. If you're as passionate about data security as we are, explore our opportunities.
ABOUT EXPRESS SCRIPTS
At Express Scripts, we dare to imagine a better health care system, and we're driven to make it happen. Where some see obstacles, we see possibilities. We're challengers, difference-makers and opportunity-seekers, united with our partners in pursuit of a simpler, more sustainable system and better health for all.
We have always acted first to take on the toughest challenges. We uniquely partner across the health care ecosystem to uncover opportunities, take action, advance health care and deliver better outcomes like no one else can. We believe health care can do more. We are Champions For BetterSM.
Express Scripts, part of Cigna Corporation, unlocks new value in pharmacy, medical and beyond to further total health for all.