Job Information
Tufts Health Public Plans Inc Sr. Security Risk Assessment Analyst - R7997 in Seattle, Washington
Who We Are
Point32Health is a leading health and wellbeing organization, delivering an ever-better personalized health care experience to everyone in our communities. At Point32Health, we are building on the quality, nonprofit heritage of our founding organizations, Tufts Health Plan and Harvard Pilgrim Health Care, where we leverage our experience and expertise to help people find their version of healthier living through a broad range of health plans and tools that make navigating health and wellbeing easier.
We enjoy the important work we do every day in service to our members, partners, colleagues and communities. To learn more about who we are at Point32Health, click here{rel="nofollow" https:="" youtu.be="" s5i_hgoecjq="" ""="" target="" _blank""=""}.
Job Summary
The Sr. Risk Assessment Analyst is part of the Risk Assessment Services team and is responsible for assessing changes introduced in to the organization, e.g., technology, third-party vendor/provider, determining the inherent risk introduced, and collaborating with business and technology stakeholders to ensure that identified security concerns are appropriately addressed. Members of Risk Assessment team are responsible for periodically reevaluating the security of existing technology and third-party relationships, based upon risk or other events.
Key Responsibilities/Duties -- what you will be doing
Assess inherent risks introduced by new or materially changed technology solutions (e.g., SaaS applications, cloud environments, applications, etc.) and third-party relationships and collaborate in partnership with vendors, technology SMEs, and business leaders to ensure that identified security concerns are appropriately addressed before being introduced for use by colleagues, customers, etc.
Participate as a project stakeholder, provide security consultation and guidance to technology and business stakeholders to help ensure that security concerns are effectively communicated in terms that are understood by the appropriate audience.
Effectively represent Point32Health's security policy requirements and corresponding security control objectives to assist in effectively communicating and/or working through alternative controls that will achieve the same security control objective.
Periodically reassess third-party relationships and implemented technology solutions to ensure that the controls continue to meet security expectations to address the current cyber threat landscape.
Qualifications -- what you need to perform the job
At least five (5) years working in a cyber/information security field that included frequent engagement with both technology and business stakeholders.
Expertise in at least two of the following: networking, identity/access management, code development, compliance, auditing, cloud computing, penetration testing, threat management, threat detection & response, risk assessment services, disaster recovery, privacy
Excellent written and verbal communications skills. Ability to effectively collaborate, educate, and influence technology and business leaders
Flexible workstyle; open to unexpected changes and reprioritization requests
Positive attitude and friendly personality. Always eager to help others and to support the needs of the team and the broader Cyber & Information Security department.
A bachelor's degree in cyber/information security, information technology, or related field is preferred but not required. Relevant experience and industry recognized certifications provide sufficient alternative assurances.
Compensation & Total Rewards Overview