We take great strides to ensure our employees have the resources to live well, be healthy, continue learning, develop skills, grow professionally and serve our local communities. We invite you to apply for a career with Blue Cross.
Please note that effective Jan. 4, 2022, Blue Cross and Blue Shield of Louisiana implemented a policy requiring any employee who enters any of our offices or who interacts in person with anyone for company business purposes to be fully vaccinated for COVID 19, unless legally entitled to a reasonable accommodation related to religious or medical exemptions. At this time, that policy is suspended and vaccination is not required to enter our facilities. Please note this is subject to change at any point in time to ensure compliance with company policy or government mandates and certain client facing roles may have separate protocols.
Residency in or relocation to Louisiana is preferred for all positions.
This position shall be primarily responsible for managing the physical security access control operations, end-user identification, credentialing, and authorization for physical access of employees, contingent workers, contractors, and/or individuals to BCBSLA facilities. Responsible for the identification, interpretation, and clarification of business requirements and the management of operational functions. Manages the development, maintenance, continual improvement of workforce identity governance operations for physical access of individuals to meet current & future business operations and audit requirements. Accountable for complying with all laws and regulations associated with duties and responsibilities.
This position is further responsible for ensuring access control policies, processes and procedures are directly aligned with and support any standards, requirements, controls and/or security measures implemented by the Physical Security Department. Responsible for collaborating with internal and external stakeholders for input and information while coordinating with Physical Security management in the overall review and revision of physical security and access control policies and procedures. This position shall utilize their knowledge of physical security technology systems, including visitor management systems, to ensure processes are robust, appropriate, scalable, and, when possible, automated.
This position assists teams and business areas with questions related to access control. In this role, the position will provide guidance and training to staff. Complies with all laws and regulations associated with duties and responsibilities.
NATURE AND SCOPE
- This role does not manage people.
- This role reports to this job: DIRECTOR, CORPORATE SAFETY, PHYSICAL SECURITY & BUSINESS CONTINUITY
- Necessary Contacts: To do this job effectively, the candidate will work cross-functionally with internal and external customers to include all levels of BCBSLA employees & management, consultants, vendors, and industry peers.
- Bachelor's in Business Administration/Business Management, Criminal Justice, Computer Science, or any other related field is required.
- Four years of related experience can be used in lieu of a bachelor’s degree.
- CISSP certification may also substitute for the bachelor’s degree.
- 5 years of experience within physical security and/or access control operations, required. Requires in-depth knowledge of physical security electronic access control systems, access management software, visitor management software, role-based access control (RBAC), identity and access management systems and/or access control operations.
- 2 years of experience in regard to compliance and regulatory requirements (such as HIPAA, SOC2, etc.) required within the physical security industry while working closely with internal/external auditors and stakeholders.
Skills and Abilities
- Requires in-depth knowledge of identity & access management systems & operations. Require prior experience working in regulated & audited workforce identity management & governance operations such as HIPAA, SOC2, PCI, SOX, etc.
- Must have proven experience working with commercial enterprise identity access management products, including development of solutions for identity management, user provisioning & de-provisioning, role-based access, access certifications & attestations.
- Must have proven experience working closely with auditors, regulators, and senior stakeholders. Experience in defining, developing and/or monitoring security operations metrics is required. Must have experience in gathering, documenting, and analyzing business requirements and developing security solution options. Working knowledge of NIST and ITIL frameworks and industry best practices is preferred.
- Must have knowledge of project management practices such as efficiently planning and prioritizing activities, multi-tasking, and proficiently assisting with multiple projects simultaneously.
- Excellent organizational, verbal and communication skills are required. Must demonstrate strong problem-solving skills while performing research capabilities in a competent and professional manner with minimal direction.
- Ability to work with a diverse and multi-disciplinary team and work proficiently in a fast-paced demanding environment.
- Must be proficient in Microsoft Office products (e.g. Word, Excel, PowerPoint, and Outlook) and or Program Management Software (e.g. MS Project). Working knowledge and competent use of SharePoint is preferred.
- This position requires 24/7 availability should there be any emergencies requiring response outside of normal business hours.
Licenses and Certifications
- Certifications in identity or access management or an advanced professional degree is preferred.
- Candidate must be willing to obtain a certification within the first year specifically including the Certified Identity and Access Manager (CIAM), Certified Identify Management Professional (CIMP), and/or the Certified Access Management Specialist (CAMS). CISSP certification may substitute.
- Driver's license and own transportation is required in order to drive to and from satellite locations.
ACCOUNTABILITIES AND ESSENTIAL FUNCTIONS
- Directs the end-user identification, authorization, and access control functions to ensure the safekeeping and protection of facilities and physical assets in a 24x7 support organization. Provides expert guidance in the development and implementation of operational physical access security safeguards and protective measures. Acts as a subject matter expert on key principles of Identity and Access Management with an in-depth knowledge including Authentication and Authorization controls, Identity Lifecycle Management, and Identity Governance. Maintains working knowledge of physical access control systems, access levels, Multi-Factor Authentication (MFA), & Role Based Access Control (RBAC). Manage SLAs and provide opportunities for continuous process improvement opportunities.
- Provides daily oversight and directs the operations for identity and access management. Manages and directs the identification and authorization of physical security access control functions to include, but not limited to:
- Authorizing and overseeing the access control and ID badge process for employees, contingent workers, service personnel, vendors and/or visitors.
- Maintaining process(s) for deactivation of authorization and access.
- Overseeing and maintaining information database(s) for the physical security system (employee ID card system) to prevent unauthorized access to any BCBSLA facility or its premises (buildings, departmental access and/or parking)
- Ensuring confidentiality and security of any and all HR Information (Personal employee information through system security protocol).
- Implementing best practices and procedures to continue to support and maintain physical security safeguards for the organization
- Acts as a subject matter expert on key principles of identity and access management with an in-depth knowledge of authentication and authorization controls, identity lifecycle management and governance.
- Analyzes current processes and supporting technologies/systems to ensure operations fully support and meet the business demands and requirements.
- Coordinates with Physical Security departmental staff and managementto ensure access control and technology projects are effectively managed and completed within designated timelines. Demonstrates effective and timely communication to stakeholders, management teams and vendors, as applicable, regarding project status, issues, plans, etc. to meet business needs and expectations.
- Conducts audit activities to ensure operations meet security industry standards and remain in compliance to include, but not limited to:
- Maintaining ongoing reporting activities through data collection as well as conducting ongoing research to assist with development of program plans
- Generating various reports and maintaining associated documentation for internal and external sources for operational audits (OIG, OGB, URAC, SOC I & 2, etc.)
- Working with auditors on issues related to access management
- Conducting audits of the employee identification system quarterly to ensure accuracy as required by numerous audits.
- Works collaboratively with other team members of the Physical Security Department and Administrative Services Division to assist in the detection and mitigation of Physical Security incidents and/or other disruptive events.
- Maintains and oversees access control incidents, ensures exception reports are provided as needed, and implements any after action for potential risks and/or process gaps identified. Conducts risk assessments in regard to physical security access control operations.
- Maintains continuity planning and further development of contingencies to ensure protective measures remain in place for access control during any type of incident or disruption to include, but not limited to:
- Identifies and manages the business impacts, recovery time objectives and strategies for the continuation of critical business functions during any type of interruption.
- Develops and maintains the physical security access control continuity plan while continuing to develop and maintain policies, procedures, and other documentation.
- Identifies and completes a business impact analysis (BIA) for access control risks while recommending mitigation strategies to reduce such risks.
- Responsibilities further include applying independent and specialized technical expertise to support a wide range of business objectives including development, integration, and execution of multi-disciplinary business processes. Works cross functionally with internal and external customers, vendors, and staff at all levels.
Additional Accountabilities and Essential Functions
The Physical Demands described here are representative of those that must be met by an employee to successfully perform the Accountabilities and Essential Functions of the job. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential functions
- Perform other job-related duties as assigned, within your scope of responsibilities.
- Job duties are performed in a normal and clean office environment with normal noise levels.
- Work is predominately done while standing or sitting.
- The ability to comprehend, document, calculate, visualize, and analyze are required.
An Equal Opportunity Employer
All BCBSLA EMPLOYEES please apply through Workday Careers.
PLEASE USE A WEB BROWSER OTHER THAN INTERNET EXPLORER IF YOU ENCOUNTER ISSUES (CHROME, FIREFOX, SAFARI)
Please be sure to monitor your email frequently for communications you may receive during the recruiting process. Due to the high volume of applications we receive, only those most qualified will be contacted. To monitor the status of your application, please visit the "My Applications" section in the Candidate Home section of your Workday account.
In support of our mission to improve the health and lives of Louisianians, Blue Cross encourages the good health of its employees and visitors. We want to ensure that our employees have a work environment that will optimize personal health and well-being. Due to the acknowledged hazards from exposure to environmental tobacco smoke, and in order to promote good health, our company properties are smoke and tobacco free.
Blue Cross and Blue Shield of Louisiana performs background and pre-employment drug screening after an offer has been extended and prior to hire for all positions. As part of this process records may be verified and information checked with agencies including but not limited to the Social Security Administration, criminal courts, federal, state, and county repositories of criminal records, Department of Motor Vehicles and credit bureaus. Pursuant with sec 1033 of the Violent Crime Control and Law Enforcement Act of 1994, individuals who have been convicted of a felony crime involving dishonesty or breach of trust are prohibited from working in the insurance industry unless they obtain written consent from their state insurance commissioner.
Additionally, Blue Cross and Blue Shield of Louisiana is a Drug Free Workplace. A pre-employment drug screen will be required and any offer is contingent upon satisfactory drug testing results.