Lead Cyber Security Analyst (Hybrid)

Job Category: IT and Technology
Job Type: Full Time
Job Location: USA

Company Overview

CareFirst: Our name reflects our commitment to over 3.5 million people who trust us with their healthcare. We envision affordable, accessible, quality care for all, the same standard we expect for ourselves and our loved ones.

Daily, we make a real impact in our communities, addressing complex healthcare needs with empathy and urgency. We simplify processes, provide tailored solutions, and innovate for those we serve.

Important: Be aware of recruitment fraud. Legitimate CareFirst recruiters will only contact you via “@carefirst.com” email addresses and will never request payment or sensitive personal information through unsecured channels.

Independent licensee of BCBSA.

About the Job:

Purpose: Safeguard organizational data from unauthorized access, disclosure, or damage. Champion and implement Cybersecurity team processes while supporting business and customer needs.

Responsibilities:

  • Lead regular network and system security assessments (intrusion, vulnerability, configurations).
  • Develop indicator assessment procedures based on cybersecurity policies and protocols.
  • Design technical solutions for network protection, endpoint security, access control, auditing, and log management; resolve issues through technical analysis.
  • Prevent network damage and restore communication systems.
  • Collaborate with the security community for cyber threat intelligence; research emerging threats and countermeasures.
  • Lead the implementation of day-to-day security incident detection and reporting strategies.
  • Participate in quality assurance policy development.

Qualifications:

  • Bachelor’s Degree in Computer Science, Cybersecurity, IT, or related field; OR 4 additional years of relevant experience in lieu of a degree, plus required experience.
  • Experience: 8 years related experience OR cybersecurity certification and 5 years related experience.

Preferred Qualifications:

  • Advanced degree in IT or cybersecurity or equivalent experience.
  • Knowledge of frameworks/regulations like NIST, HIPAA, HITRUST, FedRAMP, ISO 27001, GDPR, CCPA, etc.
  • Experience developing SSPs based on NIST and FedRAMP.
  • Experience with security tools (IPS/IDS, firewalls, SIEM, vulnerability scanners, EDR/XDR, cloud security, etc.).
  • Experience in security/privacy risk assessments, audits, and risk exception handling.
  • Familiarity with security attestation documents (SIG, SOC2).
  • Skilled in collaborating with stakeholders to assess cybersecurity, identify gaps, and develop solutions.
  • Disciplined in change management practices.
  • Subject matter expertise in Application, Data, and Network Security.
  • Experience responding to audit requests and communicating with auditors.
  • Experience with enterprise risk registers and cost/benefit analysis.
  • Experience with GRC/ITRM systems.
  • Excellent written and verbal communication skills for developing standards, SOPs, and policies.
  • Strong interpersonal skills for building consensus and resolving issues.
  • Proven experience supporting security risk teams and peer management.
  • Advanced written and verbal communication skills.
  • Excellent organizational, analytical, and problem-solving skills; ability to manage multiple projects.
  • Ability to anticipate security governance needs.
  • Knowledge of AGILE/Waterfall SDLC.
  • Excellent MS Office skills.
  • Understanding of data analysis and modeling.
  • Knowledge of cloud security controls (AWS/Azure).
  • Experience in the healthcare insurance industry (BCBS plans).

Knowledge, Skills, and Abilities (KSAs):

  • Ability to manage multiple tasks with minimal supervision.
  • Ability to explain technical information to diverse audiences.
  • Knowledge of cybersecurity risk management techniques and network/firewall security.
  • Understanding of business needs and commitment to quality service.
  • Ability to thrive in a fast-paced environment with changing priorities.