Excellus BCBS · 14 hours ago
Information Risk & Compliance Analyst I/II
Excellus BCBS is seeking an Information Risk & Compliance Analyst to support their Enterprise-wide Information Risk & Compliance disciplines. The role involves managing information security policies, risk assessments, and compliance programs while collaborating with various teams to enhance security practices.
Non Profit · Healthcare · Health Insurance · Health Care
Responsibilities
Works with teams to continuously improve and update services to ensure they stay ahead of information security and compliance trends
Collaborates with external auditors or other inbound requests as needed
Performs and/or supports any aspect of Information Risk & Compliance activities (e.g., policy development, security awareness, third-party assessment, internal control evaluations, risk assessments, issue management)
Contributes to cyber regulatory compliance at state and federal jurisdictions
Assists with issues relating to Information Risk including the development of procedures, plans, and security forms to aid the information security program, as well as monitoring and response to unexpected information security control changes across the environment
Contributes input to the Organization’s Cybersecurity program performance metrics
Creates and updates standard operating procedures for assigned security controls, applications, and platforms
Develops materials for Enterprise Security Awareness & training
Executes and supports Cybersecurity program initiatives, such as maintaining processes and workflows such as access certification
Participates in various oversight Committee meetings, generates agenda and meeting content
Plans and executes audits or control testing of technology platforms, evaluates information systems’ internal controls, and works collaboratively with management to identify and facilitate corrective actions
Provides monitoring, guidance and direction on security controls, policy, and practices to key stakeholders
Responds to internal customer queries, reports and/or requests relating to IT controls, policies, and standards
Performs review of change management deployments
Defines and supports Service Level Agreements (SLA)s and Key Performance Indicators (KPIs)
Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading according to the Lifetime Way values and beliefs
Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures
Regular and reliable attendance is expected and required
Performs other functions as assigned by management
Acts as a change agent to educate the enterprise on Cyber Risk & Information Security Policies and Controls
Independently manages intake activities, recommends, and executes on intake optimization already noted in level I
Pinpoints strengths and areas for improvement related to organizational security posture and risk acceptance
Plans and executes complex audits of technology platforms, evaluates information systems’ internal controls, and works collaboratively with management to identify and facilitate corrective actions
Conducts complex data & cybersecurity risk assessments
Participates in various committees to establish oversight for cyber, data and risk of the organization
Supports various risk assessments for information management controls
Mentors and trains Information Risk & Compliance Analyst level I
Performs as the Subject Matter Expert for the majority of Information Security and Identity Management technologies, controls, processes, and practices, both internally to the Health Plan and externally in the industry
Assists stakeholders with complex security risk assessments
Mentors and trains Level II Analysts
Serves as the “go-to” person in the absence of the manager; provides input to the manager on team performance
Qualifications
Required
Three (3) years of information risk, compliance or related experience
Associate's degree in Computer Science, Information Technology, or a relevant field. In lieu of a degree, three (3) additional years of related experience are required
Excellent communication skills, with the ability to present clear and concise information to audiences at all levels of seniority and technical ability
Able to work both independently and as part of a team
Strong ability to articulate business risks relating to technical issues for both technical and non-technical audiences
Strong knowledge of IT and IS Governance, Risk and Compliance (GRC) best practices and regulatory/industry requirements
Intermediate knowledge of information security regulations, frameworks, and/or industry standards, including but not limited to: Regulations: HIPAA/HITECH, GLBA/FFIEC Examination Handbook, NAIC MAR/SOX, NYS DFS Cybersecurity Regulations; Frameworks: COSO, COBIT, NIST Cybersecurity Framework (CSF); Industry Standards: PCI DSS, NIST SP 800-53/800-30, SSAE 18, ISO, HITRUST
Experience in the design and evaluation of internal controls or similar project controls
Experience in the creation, review, and lifecycle management of IT policies, processes, and procedures
Demonstrated skill in risk assessment, both quantitative and qualitative
Familiarity with maturity models as aids to gap assessment and remediation planning
Strong critical thinking skills with ability to act independently and exercise good judgment, as well as the ability to work cross-functionally and create virtual teams
Maintains current knowledge of the latest Cyber Risk & Information Assurance technologies, and identifies and researches enhancement options and process improvements
One information security certification preferred, such as but not limited to: Security+, CISSP, CISM, CISA, CDPSE, CGEIT, CDMP, GSEC, CRISC
Preferred
Strong leadership or mentorship experience preferred
Two or more of the certifications listed under Level I preferred
Benefits
Participation in group health and/or dental insurance
Retirement plan
Wellness program
Paid time away from work
Paid holidays
Company
Excellus BCBS
Excellus BlueCross BlueShield, a nonprofit independent licensee of the BlueCross BlueShield Association, is part of a family of companies that finances and delivers vital health care services to about 1.5 million people across upstate New York.
H1B Sponsorship
Excellus BCBS has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships (year: number of sponsorships)
2025 (3)
2024 (18)
2023 (12)
2022 (15)
2021 (17)
2020 (20)
Funding
Current Stage: Late Stage
Company data provided by Crunchbase