Aetna Sr Information Security Risk Analyst in Cranberry, Pennsylvania

Req ID: 38864BR


The Senior Security Risk Analyst is a vital contributor to Aetna's Security Risk Management process whose mission/purpose is to help Aetna effectively manage security risk over time. This position is responsible for security risk management operations including facilitating the identification, reporting, management and remediation of security risks companywide. This includes facilitating and improving processes to identify, track, report and communicate threats and vulnerabilities that contribute to security risk. The Senior Security Risk Analyst operates/runs security risk management according to established policies and standards and will identify, recommend, and assist with implementing improvements to Aetna's security risk management processes and controls.

FUNDAMENTAL COMPONENTS

Contribute to the rollout and optimization of an Information Security Risk Management program to remain effective and relevant through identification, implementation and refinement of critical processes, solutions, policies, procedures, KPIs/KRIs and other techniques.

Subject matter expert and lead risk based and security analysis to proactively identify issues/gaps and lead initiatives to improve overall Information Security function. Identify new or implement changes to techniques (policies, procedures, KPIs, KRIs, tools, etc.) and processes for the Security Risk Management program to remain relevant (changing risk and threat landscape and Business requirements, etc.) and effective.

Partner with Global Security teams as well as other IT and business areas to identify, assess, report and oversee the remediation of security risks.

Communicate clearly and effectively about information security risk management issues.

Develop/maintain Security Risk Management policy, effective use of KPIs to drive the GSRM program. Monitor changes to information security overall and proactively identify the need for changes to existing policies and procedures based on changes to the security risk landscape. Ensure compliance with all applicable internal and external Information Security requirements.

Clear understanding of risk management practices in general and security risk management best practices and methodologies specifically.

Demonstrate awareness of all information security trends, vulnerabilities, including and especially those influencing the health care industry.

Advocate for risk management practices to drive a risk based culture. Apply critical thinking, critical judgment and risk based decision making on all core functional requirements. Build and maintain knowledgebase, process documentation and give training.

BACKGROUND/EXPERIENCE DESIRED

5+ years Information Security experience, at least half of which is large enterprise environment experience.

3+ years direct experience with Security Risk Management programs/processes.

Knowledge of security risk management frameworks and standards.

Familiarity and experience with Enterprise Risk Management is a plus. CISSP and/or CISA/CISM certification a plus.


The minimum level of education desired for candidates in this position is a Bachelor's degree or equivalent experience.


Information Management/Certified Information Security Manager (CISM) is desired

Information Management/Certified Information Systems Security Professional (CISSP), sponsored by International Information Systems Security Certification Consortium, is desired

Information Management/Certified Information System Auditor is desired


Functional - Information Technology/Security/4+ Years

Functional - Finance/Audit - system development/1+ Years


Technology/Leveraging Technology/MASTERY

Technology/Selecting and Applying Technology Solutions/ADVANCED

General Business/Ensuring Project Discipline/MASTERY


Leadership/Anticipating and Innovating/MASTERY

Telework Specifications:

Flexible telework / office-based schedule (must live near certain office location): Hartford CT, Phoenix AZ, Cranberry PA, West Sacramento CA, Chicago IL


Security Risk Management is a vital/core component of Aetna's industry leading information security program.

As the Senior Security Risk Analyst, the chosen candidate for this position will be 'in the middle' of Aetna's security risk management process with broad visibility and the ability to influence and make improvements that benefit all of Aetna and our members.

Aetna is about more than just doing a job. This is our opportunity to re-shape healthcare for America and across the globe. We are developing solutions to improve the quality and affordability of healthcare. What we do will benefit generations to come.

We care about each other, our customers and our communities. We are inspired to make a difference, and we are committed to integrity and excellence.

Together we will empower people to live healthier lives.

Aetna is an equal opportunity & affirmative action employer. All qualified applicants will receive consideration for employment regardless of personal characteristics or status. We take affirmative action to recruit, select and develop women, people of color, veterans and individuals with disabilities.

We are a company built on excellence. We have a culture that values growth, achievement and diversity and a workplace where your voice can be heard.

Benefit eligibility may vary by position.

Job Function: Information Technology