Jobs with CareFirst BlueCross BlueShield
(Found 106 Jobs)
CareFirst BlueCross BlueShield
Lead Cyber Security Analyst (Hybrid)
CareFirst BlueCross BlueShield
Resp & Qualifications PURPOSE:To ensure the organization's data remains protected from inappropriate access, disclosure and/or damage. To advocate for and execute the processes and practices of the C...
Sep 25, 2024
Washington, DC
CareFirst BlueCross BlueShield
Accounting Manager (Hybrid)
CareFirst BlueCross BlueShield
Resp & Qualifications PURPOSE: This position provides management and direction within the Accounting Department and oversees the accounting close process and financial analysis function for...
Sep 21, 2024
Owings Mills, MD
CareFirst BlueCross BlueShield
Senior Treasury Analyst (Remote)
CareFirst BlueCross BlueShield
Resp & Qualifications PURPOSE: The Sr Treasury Analyst assists the Manager Treasury with analysis of the organization's financial activity, cash flow management, credit, income, asset levels, an...
Sep 21, 2024
Baltimore, MD
CareFirst BlueCross BlueShield
Senior Data Scientist (Hybrid)
CareFirst BlueCross BlueShield
Resp & Qualifications PURPOSEThe Sr. Data Scientist is responsible for managing health equity data governance and advancing data initiatives across the enterprise. This role plays a critical part in...
Sep 18, 2024
Baltimore, MD
CareFirst BlueCross BlueShield
Director, Product - Health Plans (Hybrid)
CareFirst BlueCross BlueShield
Resp & Qualifications As a HYBRID role, associates are required to travel into the offices on occasion. PURPOSE: The Director, Product is responsible for leading a dedicated product discipl...
Sep 17, 2024
Baltimore, MD
Lead Cyber Security Analyst (Hybrid)
Washington, DC
Sep 25, 2024

Resp & Qualifications

PURPOSE:

To ensure the organization's data remains protected from inappropriate access, disclosure and/or damage. To advocate for and execute the processes and practices of the Cybersecurity team while supporting business and customer needs. 

ESSENTIAL FUNCTIONS:

  • Leads the team in regular assessments of network and system security for intrusion detection, vulnerability, and security configurations.
  • Develops procedures for assessing indicators using the research of cybersecurity policies, indicators, and protocols.
  • Designs technical solutions for network protection, endpoint security, access control, auditing, and log management. Uses technical expertise to resolve and identify issues through the analysis of technical problems.
  • Prevents network damage and restores computers and electronic communication systems.
  • Collaborates with the security community to obtain technical cyber threat intelligence. Researches emerging information security threats, vulnerabilities, and their countermeasures.
  • Leads the implementation of strategies for the detection and reporting of day-to-day security incidents.
  • Participates in the development of quality assurance policies.

    QUALIFICATIONS:

    Education Level: Bachelor's Degree, Computer Science, Cyber Security, Information Technology, or related field OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.

    Licenses / Certifications (Preferred)

    • CISSP - Certified Information Systems Security Professional 
    • CISM - Certified Information Security Manager 
    • CRISC - Certification in Risk and Information Systems Control 
    • CISM - Certified Information Security Manager 
    • CISA Certified Information Systems Auditor 
    • SANS GIAC certifications in relevant security and risk areas 
    • CASP - CompTIA Advanced Security Practitioner 
    • CompTIA Security+
    • AWS Certifications

    Experience: 8 years related experience or cybersecurity certification and 5 years related experience.
    cybersecurity certification and 5 years related experience.

    Preferred Qualifications:

    • Advanced degree in IT or cybersecurity or equivalent experience.

    Knowledge and work experience using several of the following frameworks/regulations:

    • NIST Special Publication 800-53 Rev. 4 /5 Security and Privacy Controls for Information Systems and Organizations
    • HIPAA Security and Privacy Final Rule (45 CFR Part 164)
    • NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
    • HITRUST, FedRAMP
    • NIST CSF, NIST RMF, FedRAMP, HITRUST, CIS benchmarks, CIS Top 20, CSAs Cloud Controls Matrix (CCM), COBIT, CMMC, ISO 27001, FAIR
    • Various privacy frameworks: GDPR, CCPA, others

    Knowledge of developing SSPs (system security plans) based on NIST 800-171, 800-53, and FedRAMP.

    • Experience with a wide variety of security tools such as IPS/IDS systems, firewalls, SIEM, web application firewalls, network and application vulnerability scanners (SAST, DAST, IAST), red / blue team exercises, EDR  and XDR platforms, CSPM/CNAPP platforms, Amazon Web Services tools and technologies (Security Hub, Macie, Guard Duty, others), CASB platforms, PKI / HSMs, wireless technologies and platforms, NAC, secure email systems, network detection and response platforms, SOAR.
    • Experience in conducting and managing security and privacy risk assessments, audits, completing risk exception and acceptance requests.  This work may be supervised by the Information Security Audit Manager.
    • Familiarity with SIG, SOC2 Type 2, and other security attestation documents to support vendor assessments and third-party risk management.
    • Skilled at working with a variety of stakeholders (internal and external to the organization) to assess cybersecurity strengths, weaknesses, and gaps in adherence to controls with the ability to develop solutions and documentation to address identified security coverage gaps with a proven ability to elicit, document, analyze, and verify requirements.
    • Disciplined and seasoned in change management practices.
    • Cyber security business and systems subject matter management expertise in Application Security, Data Security, Data Governance, and Network Security domains.
    • Experience with responding to internal and external audit requests, working with, and communicating to auditors and assessors, understanding the extent of appropriate evidence needed to satisfy audit and assessment requests.
    • Experience with working with enterprise or cybersecurity specific risk registers and analyzing risks to the organization on a cost/benefit basis.
    • Experience with GRC (Governance, Risk, and Compliance) systems or ITRM (Information Technology Risk Management) systems.
    • Excellent written skills to develop, review, and refine cybersecurity standards, SOPs, and policies with communication skills (verbal and written) to communicate to all levels of the organization. 
    • Excellent interpersonal skills including the ability to build consensus and agreement and bring resolution to contentious issues and entrenched interests. 
    • Proven experience supporting security risk teams and peer management with demonstrated business process, workflow, task analysis, and metrics/results measurement.  Exposure to user-acceptance testing and requirements analysis knowledge desired.
    • Advanced written and verbal communication skills.
    • Excellent organizational, analytic, and problem-solving skills with the ability to set priorities and handle multiple projects concurrently with attention to detail.
    • Ability to anticipate security governance needs and take action before they become organizational problems.
    • Knowledge of AGILE and/or Waterfall SDLC methodologies.
    • Excellent knowledge of MS Office tool set MS Word, MS Excel, MS Project, and MS Visio.
    • Understanding of data analysis and modelling.
    • Knowledge of cloud security controls (AWS / Azure).
    • Experience with healthcare insurance industry, especially BCBS plans.

    Knowledge, Skills, and Abilities (KSAs)

    • Ability to manage multiple tasks and deliverables with minimal supervision. 
    • Ability to explain technical information to technical and nontechnical personnel.
    • Knowledge of cyber security related risk management techniques.
    • Knowledge of network architecture and firewall security.
    • Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service.
    • Must be able to effectively work in a fast-paced environment with frequently changing priorities, deadlines, and workloads that can be variable for long periods of time. Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.

    Salary Range: $107,136 - $212,784

    Salary Range Disclaimer

    The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the work is being performed. This compensation range is specific and considers factors such as (but not limited to) the scope and responsibilites of the position, the candidate's work experience, education/training, internal peer equity, and market and business consideration. It is not typical for an individual to be hired at the top of the range, as compensation decisions depend on each case's facts and circumstances, including but not limited to experience, internal equity, and location. In addition to your compensation, CareFirst offers a comprehensive benefits package, various incentive programs/plans, and 401k contribution programs/plans (all benefits/incentives are subject to eligibility requirements).

    Department

    Security Governance and Report

    Equal Employment Opportunity

    CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

    Where To Apply

    Please visit our website to apply: www.carefirst.com/careers

    Federal Disc/Physical Demand

    Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

    PHYSICAL DEMANDS:

    The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

    Sponsorship in US

    Must be eligible to work in the U.S. without Sponsorship

    #LI-RC1 

    PDN-9d173da9-6fc2-4db6-b8b8-216f819160b1
©2024 TalentAlly.
Powered by TalentAlly.
Apply for this job
Lead Cyber Security Analyst (Hybrid)
CareFirst BlueCross BlueShield
Washington, DC
Sep 25, 2024
Your Information
First Name *
Last Name *
Email Address *
Zip Code *
Password *
Confirm Password *
Create your Profile from your Resume
By clicking the Apply button, you agree to the terms of use and privacy policy.
Continue to Apply

CareFirst BlueCross BlueShield would like you to finish the application on their website.

Ace your interview with AI-powered interview practice

Get comfortable talking to hiring managers, receive personalized feedback on areas for improvement, sharpen your ability to answer the most common questions, and build confidence in formulating strong responses on the spot. Click the button below to begin your three free virtual interviews!