Health Net, Inc. is a publicly traded managed care organization that delivers managed health care services through health plans and government-sponsored managed care plans. Its mission is to help people be healthy, secure and comfortable. The company provides health benefits to approximately 6.0 million individuals across the country through group, individual, Medicare (including the Medicare prescription drug benefit commonly referred to as "Part D"), Medicaid, Department of Defense, including TRICARE, and Veterans Affairs programs. Health Net's behavioral health services subsidiary, Managed Health Network, Inc., provides behavioral health, substance abuse and employee assistance programs to approximately 5.4 million individuals, including Health Net's own health plan members. The company's subsidiaries also offer managed health care products related to prescription drugs, and offer managed health care product coordination for multi-region employers and administrative services for medical groups and self-funded benefits programs.
For more information on Health Net, Inc., please visit the company's website at
Under the direction of the IS Risk Management manager, this position is responsible for contributing to the development, maintenance and implementation of the Information Systems Risk Management Program. The Sr IS Risk Management Analyst interacts with technical and business units to evaluate information systems in terms of risk to the organization and to recommend establishment of controls to mitigate loss of data and maintain confidentiality, integrity, and availability while meeting the core organizational mission of Health Net.
This position requires specialization in one or more areas of IT infrastructure, information systems, applications platforms, or processes for risk analysis in accordance with established regulations and organizational standards.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Conducts IS risk analysis in accordance with Health Net's IS Risk Management Framework including new IT products and services, third-party vendors, and internal systems and processes.
- Evaluates and recommends controls to mitigate identified risks to acceptable levels based on Health Net's defined risk appetite.
- Analyzes customer requests for information (RFI) or proposals (RFP) related to the protection of information, IT compliance, and technical support services and documents responses.
- Recommends, maintains, and implements IS risk management frameworks, assessment methodologies, and tools.
- Provides assistance to IT Audit, Internal Audit, and other departments regarding IS Risk Management issues and controls, including reviews of assessments conducted by other organizations.
- Provides subject matter expertise in support of contract negotiations related to the protection of information, IT compliance, and technical support services requirements.
- Approves redlines to Business Associate Agreement Security Addendums within established parameters.
- Monitors risk notifications from vendors and assists with appropriate documentation and response.
- Provides a leadership role in the recommendation, development, and implementation of IS Risk Management programs as required to achieve compliance objectives.
- Guides and mentors Information Security Analysts.
- Monitors and guides security administrators and liaisons regarding their compliance to standards.
- Performs other duties as requested.
College degree in Computer Science or Information Security strongly preferred. Significant work experience may reduce or substitute for education requirement.
Must have a current CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification.
Minimum five years' experience in Information Technology and/or networks.
Minimum three years' experience in information security, risk management or IT audit related positions.
Knowledge, Skills & Abilities:
- Excellent oral and written communication skills are required
- Knowledge of laws and regulations impacting data protection and confidentiality, integrity and availability of systems and data in the healthcare industry, including HIPAA, HITECH, Sarbanes-Oxley, and state regulations
- Strong knowledge of recognized information security-related standards such as ISO, COBIT, and NIST
- Strong analytical, planning, creative problem-solving and multi-tasking skills
- Strong interpersonal skills to interface with internal and external parties in a professional manner that creates confidence in his/her subject matter expertise and helps foster resolution of risk gaps and issues
- Knowledge of how technologies, processes and controls impact risk in both the information systems and corporate business environment and ability to translate security and operational controls into business risk
- Requires knowledge of information security, access controls, application and platform controls, data protection and cryptography, operations security, telecommunications, network and internet security, disaster recovery and physical security controls
- Ability to travel in support of onsite assessments
As a government contractor, this position requires U.S. citizenship and proof of favorable adjudication following submission of Department of Defense form SF86 or higher security.
Any combination of academic education, professional training or work experience, which demonstrates the ability to perform the duties of the position.
Health Net, Inc. supports a drug-free work environment and requires pre-employment background and drug screening.
Health Net and its subsidiaries are an Equal Opportunity/Affirmative Action Employer M/F/V/D.