Information Security Subsidiary Risk Management Specialist Internet & Ecommerce - Saint Louis, MO at Geebo

Information Security Subsidiary Risk Management Specialist

Company Name:
Express Scripts
## ABOUT EXPRESS SCRIPTS
Advance your career with the company that makes it easier for people to choose better health. Express Scripts is a leading healthcare company serving tens of millions of consumers. We are looking for individuals who are passionate, creative and committed to creating systems and service solutions that promote better health outcomes. Join the company that Fortune magazine ranked as one of the Most Admired Companies in the pharmacy category. Then, use your intelligence, creativity, integrity and hard work to help us enhance our products and services. We offer a highly competitive base salary and a comprehensive benefits program, including medical, prescription drug, dental, vision, 401(k) with company match, life insurance, paid time off, tuition assistance and an employee stock purchase plan.
Express Scripts is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. Applicants must be able to pass a drug test and background investigation. Express Scripts is a VEVRAA Federal Contractor.
## ABOUT THE DEPARTMENT
Information Technology's vision is to be a catalyst in developing new business opportunities, sustaining strategic partnerships with our customers and supporting the future growth of Express Scripts. This vision is realized by aligning our work to corporate goals and market forces in order to deliver innovative business solutions in a reliable, secure and compliant manner while positioning us for future technology & market change. We deliver on these imperatives through the use of best people, best methods, best partners, enabled by a flexible & scalable architecture to deliver business value.
Through this vision, we achieve our mission to provide innovative business solutions that enable & drive value in a timely, reliable, secure and cost-effective manner.
## JOB DESCRIPTION
The subsidiary security risk specialist helps drive the security programs of current and future subsidiaries by leading security risk assessments, maturity measurements, and threat modeling exercises. This position will act as a program manager for all remediation efforts, partnering with subsidiary security, IT, and business teams to deliver solutions that manage risk for the entire enterprise.

Essential Functions:
Develop and maintain security scorecards and metrics for subsidiaries in alignment with the corporate scorecards
Act as a program manager for security initiatives with subsidiaries
Collaborate with our subsidiary partners in security, IT, and the business to develop roadmaps that best balance the concerns of security risk and costs
Perform security / architecture reviews of applications, systems, and entire subsidiaries
Perform risk assessments and security audits of internal and external facilities against established standards
Perform risk assessments and threat modeling for sensitive internal and external systems
Contribute to establishing policies and procedures necessary to ensure the security of information system assets, and to protect them from intentional or inadvertent access, disclosure, or destruction
Assist project teams in implementing security measures that manage risk and meet corporate security policies and external regulations (e.g., Sarbanes-Oxley, HIPAA)
Weigh business needs against security concerns and articulate issues and options to management
Active participation in strategic initiatives in accordance with the IRM roadmap
Excellent organizational skills and ability to communicate with internal/external entities and executives a must
Effective leadership skills, demonstrated ability to coordinate people and teams to project/activity completion and the ability to work in a team environment, sharing workloads and responsibilities

Qualifications:
10 years of security experience, including experience as a security practitioner in at least two of the areas above
Security program management
Experience developing and leading security organizations
Experience partnering with stakeholders in other organizations and successfully managing security risk
Experience managing security implications of M&A and/or existing subsidiaries
Knowledge of generally accepted Information Security controls (e.g. NIST 800-53, ISO 27001/27002)
Bachelor's degree in computer science, MIS, or similar
5 years of IT practitioner experience including development, network
Strong technical security experience and knowledge including:
Network security
Infrastructure and host security
Application security
Physical security
Identity and access management
Vulnerability management
Penetration testing
Workstation security
Incident management
Job Category: Information Technology
Primary Location: United States-Missouri-St. Louis
Other Locations: United States-New Jersey-Franklin Lakes
Work Locations: Saint Louis, MO - HQ1 - 1 Express Way (3607), One Express Way, St. Louis, 63121; Franklin Lakes, NJ - 100 Parsons Pond Drive (4106), 100 Parsons Pond Drive, Franklin Lakes, 07417
Schedule: Full-time
Shift: 1st Shift
Employee Status: Regular
Travel: Yes, 10% of the Time
Work From Home?: No
Estimated Salary: $20 to $28 per hour based on qualifications.

Don't Be a Victim of Fraud

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.