Information Security Analyst

Information Security Analyst page is loaded

The Information Security Analyst is responsible for the operations, administration, and governance of the enterprise security solutions and processes.

EDUCATION

High School diploma or equivalent
Bachelor’s degree in Business, Computer Science, Management Information Systems, or related field. In lieu of degree, minimum five (5) years' relevant experience will be considered.

LICENSING/CERTIFICATION

Professional security management certification (Certified Information Systems Security Professional (CISSP)) or other similar credentials desired.

EXPERIENCE

Minimum three (3) years' experience conducting system audits, working with external vendors, conducting information security risk assessments, or related experience in information security, business continuity, or disaster recovery.
Knowledge of at least one (1) common information security management framework, such as HIPAA, HITRUST, ISO/IEC 27001, ITIL, NIST, COBIT, and/or ITL.
System analysis and project management experience are preferred.

Data testing and/or software application testing experience are also preferred.

ESSENTIAL SKILLS & ABILITIES

• Detail-Oriented
• Critical thinking
• Strong analytical skills
• Problem sensitivity
• Ingenuity
• Project management skills
• Excellent communication skills
• Ability to build collaborative relationships

PREFERRED SKILLS

• Sailpoint
• Okta
• SQL

• Active Listening
• Business Compliance
• Computer Literacy
• Coordinating Resources
• Critical Thinking
• Deductive Reasoning
• Interpersonal Relationship Management
• Operations Coordination
• Oral Communications
• Problem Sensitivity
• Process Improvements
• Systems Analysis
• Time Management
• Written Communication

• Asset Security: Provide guidance and policy expertise for data security, including data classification, storage, transmission, and lifecycle management. Set baseline configurations and monitor data governance. Enforce security standards such as file permissions, encryption, cloud data security, network assets, endpoint requirements, etc.
• Communication and Network Security: Support network monitoring solutions within SOC/SIEM. Handle initial incident response functions. Oversee implementation, configuration, and maintenance of network security assets.
• Identity and Access Management: Manage account security across systems. Conduct entitlement reviews, audits, and support end users. Manage access application/system updates and testing.
• Perform other duties as assigned.
• Security and Risk Management: Guide business partners on security issues. Create and enforce security policies. Oversee compliance, audits, vulnerability management, anti-phishing campaigns, and third-party risk management.
• Security Architecture and Engineering: Ensure security in system design, including confidentiality, integrity, and availability. Set security standards for mobile, web, and IoT devices.
• Security Assessment and Testing: Provide evidence for security assessments and audits. Coordinate external assessments and penetration tests.
• Security Operations: Support incident response, investigations, logging, disaster recovery testing, and personnel safety.
• Software Development Security: Consult on security for software development. Oversee vulnerability scanning and SDLC compliance.

This role requires proficiency in three (3) security components: Certifications and Security Requirements. The position is classified as level three (3), ensuring the confidentiality and integrity of records to prevent harm or unfairness, following company policies. Segregation of duties guidelines must be adhered to.

Regular

Work in a general office setting or remotely, with occasional lifting up to 40 lbs and local travel as needed.

Arkansas Blue Cross is ranked among the best places to work in Central Arkansas.

We offer incentives such as Club Blue gym, onsite restaurants, wellness programs, and more.

Our inclusive culture and long employee tenures foster a supportive environment.

Employees volunteer and support community initiatives, especially during disasters.