Description
Founded in 1934, Medical Mutual is the oldest and one of the largest health insurance companies based in Ohio. We provide peace of mind to more than 1.6 million Ohioans through our high-quality health, life, disability, dental, vision and indemnity plans. We offer fully insured and self-funded group coverage, including stop loss, as well as Medicare Advantage, Medicare Supplement, and individual plans.
Medical Mutual' s status as a mutual company means we are owned by our policyholders, not stockholders, so we don't answer to Wall Street analysts or pay dividends to investors. Instead, we focus on developing products and services that allow us to better serve our customers and the communities around us and help our members achieve their best possible health and quality of life.
This position has the option to work hybrid in Columbus, OH.
Requires work to be performed at an onsite physical location on a regular basis (generally 3 days per week) as determined by applicable business unit unless business demands, geography or other factors require adjustments to this requirement.
IT Security Analyst – II
This role supports the enterprise's compliance with the HIPAA Security, SOC 2, SOC 1, and other internal audits. This individual is responsible for policies, procedures, and risk management projects. This role will fulfill these duties by collaborating with internal, IT staff, and other stakeholders to ensure compliance project deliverables are met.
IT Security Analyst – III
This role supports the enterprise's compliance with the HIPAA Security, SOC 2, SOC 1, and other internal audits. This individual is responsible for policies, procedures, and risk management governance (GRC). This role will fulfill these duties by collaborating with internal, IT staff, and other stakeholders to ensure compliance project deliverables are met.
IT Security Analyst – IV
This role provides complex analysis and accurate and timely assessment of risk metrics. Leads the enterprise's compliance with the HIPAA Security, SOC 2, SOC 1, and other internal audits. Works independently to solve problems, complete special projects, and conduct monthly activities. This individual is responsible for policies, procedures, and risk management governance. Acts as a best practice/quality resource for colleagues with less experience and guides others in resolving complex issues.
Responsibilities
IT Security Analyst – II
Policy Development and Maintenance:
• Manages and ensures Policies are in place to meet relevant federal and state laws and regulations.
• Maintains IT Policies repository and facilitates annual review process.
Internal/External Audit Support:
• Assists internal and external IT audits (SOC2, HIPAA, ITCG) evidence collection.
Risk Assessment and Prioritization:
• Assists in the conducting of risk assessments to identify vulnerabilities within the organization and third-party products.
• Manages Risk Register and mitigation tracking
Reporting and Metrics:
• Develops and reports on information security metrics.
• Presents reports to various stakeholders
IT Security Analyst – III
Policy Development and Maintenance:
• Manages and ensures Policies are in place to meet relevant federal and state laws and regulations.
• Maintains IT Policies repository and facilitates annual review process.
Internal/External Audit Support:
• Assists internal and external IT audits (SOC2, HIPAA, ITCG) including engagement management and evidence collection.
Risk Assessment and Prioritization:
• Conduct risk assessments to identify vulnerabilities within the organization and third-party products.
• Prioritize risks based on impact and likelihood.
• Manages Risk Register and mitigation tracking
Reporting and Metrics:
• Develops and reports on information security metrics.
• Provide insights to senior leadership regarding risk management.
IT Security Analyst – IV
Policy Development and Maintenance:
• Manages policies and recommends new policies based on risk and changes in regulations or processes.
• Develops IT Policies framework and tracking repository and leads annual review process.
Internal/External Audit Support:
• Leads internal and external IT audits (SOC2, HIPAA, ITCG) including engagement management and evidence collection.
Risk Assessment and Prioritization:
• Conduct risk assessments to identify vulnerabilities within the organization and third-party products and presents results to leadership.
• Prioritizes risks based on impact and likelihood and facilitates risk tolerance decisions by management.
• Manages Risk Register and mitigation tracking
Reporting and Metrics:
• Develops information security metrics and recommendations based on identified risks.
• Provide insights to senior leadership regarding risk management.
Qualifications
Qualifications
IT Security Analyst – II
Education and Experience:
- Bachelor's Degree - Information Technology or related field or the equivalent combination of education and experience.
- 3 years relevant IT experience.
Professional Certification(s):
- Certified in Risk and Information Systems Control (CRISC) preferred.
- Certified Information Systems Security Professional (CISSP) preferred.
Technical Skills and Knowledge:
- Intermediate understanding of current technical architecture including but not limited to server, network, application firewall.
IT Security Analyst – III
Education and Experience:
- Bachelor's Degree - Information Technology or related field or the equivalent combination of education and experience.
- 5 years relevant IT experience.
Professional Certification(s):
- Certified in Risk and Information Systems Control (CRISC) Preferred.
- Certified Information Systems Security Professional (CISSP) Preferred.
Technical Skills and Knowledge:
- Intermediate Understanding of current technical architecture including but not limited to server, network, application firewall.
IT Security Analyst – IV
Education and Experience:
- Bachelor's Degree - Information Technology or related field or the equivalent combination of education and experience.
- 7 Years Relevant IT Experience.
Professional Certification(s):
- Certified in Risk and Information Systems Control (CRISC) Preferred.
- Certified Information Systems Security Professional (CISSP) Preferred.
Technical Skills and Knowledge:
- Advanced Understanding of current technical architecture including but not limited to server, network, application firewall.
Medical Mutual's status as a mutual company means we are owned by our policyholders, not stockholders, so we don't answer to Wall Street analysts or pay dividends to investors. Instead, we focus on developing products and services that allow us to better serve our customers and the communities around us.
There's a good chance you already know many of our Medical Mutual customers. As the official insurer of everything you love, we are trusted by businesses and nonprofit organizations throughout Ohio to provide high-quality health, life, disability, dental, vision and indemnity plans. We offer fully insured and self-funded group coverage, including stop loss, as well as Medicare Advantage, Medicare Supplement and individual plans. Our plans provide peace of mind to more than 1.2 million Ohioans.
We're not just one of the largest health insurance companies based in Ohio, we're also the longest running. Founded in 1934, we're proud of our rich history with the communities where we live and work.
We maintain a drug-free workplace and perform pre-employment substance abuse and nicotine testing.
Apply on company website
Find Connections via Linkedin
