Our work matters. We help people get the medicine they need to feel better and live well. We do not lose sight of that. It fuels our passion and drives every decision we make.

Job Posting Title

Job Description

The Senior Business Information Security Consultant serves as a direct security contact for our clients. This position provides reporting, metrics and regular status updates to clients. The Senior Business Information Security Consultant works collaboratively with key stakeholders to ensure client security requirements are being met and adhered to.

Responsibilities

• Serves as primary point of contact for Commercial and State Government Solutions clients and manages intake and coordination of business requests

• Collate monthly reporting (metrics, POAMs, vulnerability, etc.) and provide clients and stakeholders with technical overview on security trends and service issues

• Understand Prime Information Security's policies, processes, and technologies to provide meaningful guidance, advice and understanding to client information security

• Assist in the documentation, management, tracking and reporting of Plan of Action and Milestones to client accounts

• Participate in client RFP and contract reviews and advise Information Security Leadership to ensure consistent security approaches across business accounts

• Assist in the creation and management of System Security Plans (SSPs), work with content owners to ensure SSPs are updated as required and respond as the primary contact for the plans

• Assist with client security assessments and requests by providing the system, services, and requirement scope; assist the Governance Risk and Compliance team in crafting responses as required

• Review vulnerability and patching reports to assess risk level and prioritize remediation actions required by the IT & App teams

Minimum Qualifications

• Bachelor’s degree in information security, computer science or related area of study, or equivalent combination of education and relevant work experience; High School diploma or GED is required

• 5 years’ work experience in cybersecurity and/or information technology including 3 years in an operationally focused security practitioner role

• Working knowledge of HIPAA Security Rule and NIST security standards

Additional Qualifications

• Excellent written, technical, and verbal communication skills

• Capable of exceling in a growing, changing, and collaborative environment

• Strong problem-solving and business analysis skills

• Ability to interpret and produce technical documentation such as diagrams, configuration parameters, processes and procedures, etc.

• Ability to manage multiple priorities and expert multi-tasking skills

• Capable of effective meeting facilitation with technical and non-technical team members

Preferred Qualifications

• CISM (Certified Information Security Manager), GIAC (global information assurance certificate), SSCP (systems security certified practitioner), CISSP (certified information systems security professional), CRISC (Certified in Risk and Information Systems Control), or CISA (Certified Information Systems Auditor)

• Experience working in environment with regulatory compliance frameworks and their requirements (PCI, HITRUST, SOC 2 audits, MARS-E etc.)

• Experience in PBM / health care industry

• Experience in the infrastructure domain working with IT Architecture

• Experience with understanding of security assessments, domains and controls

Minimum Physical Job Requirements

• Ability to travel up to 5% of the time

• Ability to work a flexible schedule including working on-call 24x7 as required

• Constantly required to sit, use hands to handle or feel, talk and hear

• Frequently required to reach with hands and arms

• Occasionally required to stand, walk and stoop, kneel, and crouch

• Occasionally required to lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds

• Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and ability to adjust focus

Reporting Structure

• Reports to a Sr. Director in the Information Security Department