Information Risk Advisor
Highmark Health - Annapolis, MD
Job Description

Company: enGen

JOB SUMMARY
As an Information Risk Advisor, you will play a critical role in enhancing Highmark's information security framework through effective governance, control assurance, and policy management. This position focuses on building and maintaining strong security controls and ensuring compliance with standards such as HIPAA, NIST CSF 2.0, PCI DSS, and SOC. You will also support the integration of cybersecurity measures during mergers and acquisitions, ensuring alignment of security requirements throughout both pre- and post-acquisition processes. Your expertise will help interpret complex regulatory and contractual obligations, collaborate with team members, and engage with cross-functional stakeholders to promote governance excellence.

ESSENTIAL RESPONSIBILITIES
- Conduct Information Risk Assessments as assigned, collecting and reviewing necessary documentation through interviews and analysis.
- Document and communicate risk assessment findings clearly to requestors, security architects, and management.
- Develop risk scoring based on factors such as threat, vulnerability, likelihood, impact, and security controls.
- Assist in maintaining the risk register inventory, tracking scores and associated risk statements.
- Follow up on exceptions, risk acceptance, corrective action plans, and additional mitigation activities.
- Communicate risk treatment methodologies effectively to the appropriate groups.
- Collaborate on projects to apply security architecture requirements, develop solutions, and assess risks for security gaps.
- Support HM Health Solutions teams in creating and maintaining procedural documentation that complies with standards such as PCI-DSS, HITRUST, and ISO 27001.
- Prepare and present solution presentations to various management levels and technical backgrounds.
- Take the lead in ensuring compliance with required standards, procedures, and guidelines as necessary.
- Perform other duties as requested.

REQUIRED EDUCATION
Bachelor's Degree in Information Security, Information Systems, Information Assurance, Computer Science, or a related field.
Substitutions: At least 7 years' experience in Information Security, Governance, Risk, or Compliance.

PREFERRED EDUCATION
Master's Degree in Computer Science, Information Security, or a related field.

EXPERIENCE
Minimum:
- 3 - 5 years' experience in Information Security, Information Risk Management, or Information Technology.
- 1 - 3 years' experience in Information Security Governance, Risk, or Compliance.
- 1 - 3 years' experience in communicating and presenting Information Security and Risk Management concepts to diverse audiences.
- Familiarity with technologies such as IPS, firewalls, endpoint protection, web/email filtering, DLP, DRM, encryption, SIEM, and virtualization platforms.

Preferred:
- 5 - 7 years' experience in Information Security or Information Risk Management, including effective policy lifecycle management that ensures alignment with HIPAA, NIST CSF 2.0, and other regulations.
- Experience with control assurance and improving cybersecurity maturity through gap remediation.
- Strong background in applying security policies and regulatory requirements in complex environments.
- Experience with cybersecurity governance activities, including cross-functional coordination and contributing to executive dashboards.
- Familiarity with governance tools and platforms, such as RSA Archer (GRC) and policy management systems.

KNOWLEDGE, SKILLS & ABILITIES
- Knowledge of HITRUST CSF, NIST 800-83, PCI, HIPAA, HITECH, COBIT, ISO 27001/2, and ITIL 3.
- Knowledge of the NIST Risk Assessment methodology.
- Understanding of secure SDLC best practices.
- Familiarity with the OCTAVE or OCTAVE Allegro risk methodology.
- Ability to work collaboratively in high-performing, multi-disciplinary teams.
- Excellent teamwork and interpersonal skills.

REQUIRED LICENSURE
None

PREFERRED LICENSURE
Industry certifications, such as Security+, GSEC, CySA+, or progress towards CISSP, CISM, CISA, or SANS certifications.

TRAVEL REQUIREMENT: 0% - 25%

LANGUAGE REQUIREMENT (other than English)? None

PHYSICAL, MENTAL DEMANDS AND WORKING CONDITIONS
(The physical and mental demands described here are representative of what must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations will be made as necessary for individuals with disabilities, as long as they do not cause undue hardship.)

Position Type: Office-Based

Office-Based Positions: An employee in this role works in an office environment and must communicate effectively both within and outside the organization. They must interpret and analyze data, solve problems, focus, and utilize technological resources. The position involves multitasking, prioritizing, and meeting deadlines. Regular attendance and adherence to workplace policies are essential. This role may require availability outside standard business hours.

ADDITIONAL INFORMATION
The displayed salary range for this position is between $67,500.00 and $126,000.00, determined by various factors, including qualifications and experience. Highmark Health prohibits discrimination based on veteran status, disability, or any protected category under law. Accommodations can be requested through HR Services Online.
Created: 2026-03-12