Manager Healthcare Security Risk Analyst

Job Description

About Corporate Security

Cognizant Corporate Security, a key organization within Cognizant Technologies, is chartered with managing and directing the global enterprise physical and logical security programs. The Corporate Security organization is responsible for the oversight and coordination of security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups, and is responsible for identifying security initiatives and standards. Corporate Security drives security compliance and serves as the key organization responsible with helping the business appropriately manage security risks.

Position Description

This position’s scope is focused on Cognizant Healthcare (CHC) business units.

Cognizant Healthcare delivers world-class, healthcare IT solutions that enable healthcare organizations to work more efficiently and collaboratively to deliver better health. Cognizant Healthcare solutions reach 250,000 care providers, streamline processes for more than 350 payers and touch over half the U.S. insured population. Cognizant Healthcare solutions help health plans and TPAs increase administrative efficiency, improve the cost and quality of care, and succeed in the retail healthcare market. Cognizant Healthcare solutions help physicians and health systems simplify business processes and execute strategies for population health management, accountable care, and value-based initiatives.

Cognizant requires a Security Risk Analyst to develop and execute the Security Program for our healthcare organization across the United States. The Manager Security Risk Analyst will provide operational support as Cognizant Healthcare continues to build its corporate security program. Assisting with Cognizant Healthcare’s enterprise security program by developing and focusing on strategic and technical initiatives. Providing assistance with development of areas such as architecture and design, application security, compliance, operations, training, and development.

Key Responsibilities:

• Focused on managing, prioritizing, and working with the business owners to remediate long-term Risks.

• Lead and manage information security resources, including the security team, vendors, and contractors.

• Accountable for delivering the IT security operations and participating in design and metrics.

• Accountable for delivering security operational tasks, prioritized to reflect the threat and vulnerability landscape.

• Accountable for ensuring all IT solutions are built and implemented to the agreed security architecture, design and solution specification by conducting or overseeing assurance activities during the SDLC process and providing final sign off.

• Accountable for ensuring effective architecture governance, policy, process and guidance is in place to inform and mandate repeatable, secure IT design practices.

• Serve as an expert advisor in the development, implementation, and maintenance of a company-wide information security policy and control framework.

• Provide guidance and advocacy regarding prioritization of investment and implementation associated with security strategy.

• Conduct threat, risk, and vulnerability analysis as part of the security design and solution engineering process.

• Monitor developments in the information security industry including vendor strategies and communicate on the potential impact on or applicability to the organization.

• Promote security culture and drive continuous security improvements. Ensure technical and operational security controls are incorporated into new systems and applications through participation in planning groups and the review of new systems, installations, and other major changes.

• Provide advice and assistance to internal team and external entities (subcontractors, contractors and vendors) concerning the security of information and critical data processing capabilities.

• Interpret HITRUST and HIPAA controls and properly apply the specifications across the operational responsibilities to help build cost-effective, scalable security controls and infrastructure to sustain certification levels across the enterprise.

• Encourage new ways of thinking and performing activities while creating a team environment where members embrace change and adopt new practices.

• Build rapport, credibility, and cohesion across all business unit teams and IT teams in the course of leading the projects.

• Engages with and participates with cross-functional independent representations of management to ensure appropriate oversight and governance of the security program.

• Ensures that assessment functions periodically review key programs related to information protection to obtain independent assessments of the security program effectiveness.

• Periodically reports progress to management, and assesses and measures results related to Information Security activities.

Educational Requirements:

• Demonstrated knowledge of security risks, healthcare regulatory frameworks, and vulnerabilities commonly discovered during scanning operations. Holds security certifications such as GIAC, CISSP or other related information security related industry certification.

General Knowledge, Skills and Abilities:

• Proficiency and experience in the design, implementation, operation and management of IT and Security systems and execution of dynamic controls frameworks such as ISO, COBIT, HIPAA, NIST, and other relevant regulations and legislation.

• Knowledge of specialized telecommunication techniques such Virtual Private Networks, encryption methodology and their associated technologies.

• Knowledge of industry standards including HIPAA, HITRUST, ISO 27001, NIST, etc.

• Extensive knowledge of risk analysis and the development of security systems and protocols.

• Information security management experience in enterprise organizations.

• Proficiency, and experience, devising and using information security tools and related methodologies.

• Demonstrable experience managing projects from concept to production

• 2+ years of experience managing personnel, performance, and development of staff

• Ability to create professional presentations using Excel, PowerPoint, and Word

• Strong intellect and analytical skill

• Ability to be flexible, proactive, and to comprehend quickly

• People Interactions:

1. Within own team or department at leadership / strategic level

2. Contact with peers in the organization at global senior management at strategic level

3. Contact with customers requesting additional visibility into hosting systems design and operational capability

Cognizant is a leading provider of Information Technology, Consulting, IT Infrastructure, and Business Process Outsourcing services. Cognizant’s single-minded mission is to dedicate our business process and technology innovation know-how, deep industry expertise, and worldwide resources to working together with customers to make their businesses stronger. As a customer-centric, relationship-driven partner, we are redefining the way companies experience and benefit from global services. Our unique delivery model is infused with a distinct culture of high customer satisfaction. Cognizant delivers a trusted partnership, cost reductions and business results.

Cognizant is a member of the NASDAQ-100, the S&P 500, the Forbes Global 2000, and the Fortune 500. Cognizant is ranked among the top performing and fastest growing companies in the world. Visit us online at http://www.cognizant.com/ or follow us on Twitter: Cognizant.

Cognizant is an Equal Opportunity Employer M/F/D/V. Cognizant is committed to ensuring that all current and prospective associates are afforded equal opportunities and treatment and a work environment free of harassment.