Information Risk Analyst II

You could be the one who changes everything for our 28 million members. Centene is transforming the health of our communities, one person at a time. As a diversified, national organization, you’ll have access to competitive benefits including a fresh perspective on workplace flexibility.
 

Position Purpose:

Conduct various Risk Assessments of information technology systems and internal processes. Recommend controls to mitigate loss of information assets to protect the confidentiality, integrity, and availability of sensitive data while meeting the core organizational mission of Centene.

• Assess security risks of systems, applications, processes with emphasis on cybersecurity risks against common control frameworks and regulations including but not limited to HIPAA, NIST, ISO-27001 and make recommendations to mitigate.
• Utilize qualitative and quantitative analysis methods to assess risk and provide outputs to risk stakeholders.
• Evaluates and recommends controls to mitigate identified risks to acceptable levels based on Centene's defined risk appetite.
• Collaborates with internal and/or external security teams regarding Security Risk Management issues and controls.
• Maintain communication with stakeholders throughout the risk assessment process.
• Prepare finalized reports stating identified risks, and their recommended controls for stakeholders to make treatment decisions.
• Performs other duties as assigned.
• Complies with all policies and standards.

Education/Experience:

Bachelor's degree in IT, MIS, Accounting, Finance, Business Administration, related field or equivalent experience.

3+ years of combined auditing and IT controls design experience.

Knowledge of IT systems and processes and experience evaluating internal technical control systems required.

Technical Skills & Abilities:

• Excellent oral and written communication skills.
• Basic knowledge of laws and regulations impacting data protection and confidentiality, integrity, and availability of systems and data in the Healthcare industry such as HIPAA, HI-TECH, Sarbanes-Oxley, GDPR, and state regulations.
• Knowledge of all phases of conducting risk assessments including identification, analysis, impact evaluation, response, reporting and tracking.
• Strong analytical, planning, problem solving and time management skills.
• Interpersonal skills to interface with internal and external parties in a professional manner.
• Knowledge of how technologies, processes, and controls impact risk in both the information systems and corporate business environment.
• Archer GRC experience is preferred.

Licenses/Certifications:

CISA, CISSP, CRISC, or relevant cybersecurity certification preferred

Centene offers a comprehensive benefits package including: competitive pay, health insurance, 401K and stock purchase plans, tuition reimbursement, paid time off plus holidays, and a flexible approach to work with remote, hybrid, field or office work schedules.  Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law.  Total compensation may also include additional forms of incentives.

Centene is an equal opportunity employer that is committed to diversity, and values the ways in which we are different. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other characteristic protected by applicable law.

Qualified applicants with arrest or conviction records will be considered in accordance with the LA County Ordinance and the California Fair Chance Act