Blue Cross Blue Shield Of Tennessee

Sr. Information Security Governance, Risk and Compliance Analyst

US-AnywhereRemote in Chattanooga, TN
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in a relevant field or equivalent experience required.
  • 5 years of professional experience in Information Security, with at least 2 in Governance, Risk, and Compliance (GRC).
  • Experience with AI-enabled tools for automating GRC processes preferred.
  • One or more certifications such as CISSP, CISA, or CISM highly preferred.
  • Strong interpersonal skills with ability to communicate to technical and non-technical stakeholders.

Responsibilities

  • Lead SOC 2 audit support by coordinating activities and engaging with auditors.
  • Manage and validate control frameworks to ensure alignment with Trust Services Criteria and NIST.
  • Track audit findings and oversee remediation efforts for timely issue closure.
  • Develop and maintain NIST System Security Plans (SSPs) with updates on controls and boundaries.
  • Drive security awareness initiatives through training and phishing simulations.
  • Manage the lifecycle of security policies and documentation for compliance readiness.
  • Conduct risk assessments, maintain risk registers, and monitor vendor risks.

Benefits

  • Remote work opportunity with flexible scheduling.
  • Participation in an on-call rotation for risk management support.
  • Strong emphasis on collaboration within cross-functional teams.
  • Opportunity to influence the security governance framework in a reputable organization.
Full Job Description
In this role, you will help strengthen and mature BCBST’s information security governance program by leading risk management, compliance, and assurance initiatives across the enterprise. You will serve as a key contributor in developing and maintaining Systems Security Plans (SSPs), beginning with enterprise-level security plans and extending into application-specific security documentation. You'll partner with technology and business stakeholders to support audit readiness efforts, manage security controls, assess risk, and ensure alignment with industry frameworks and regulatory requirements. This role plays an important part in protecting organizational assets while helping BCBST maintain a strong security and compliance posture. To be successful in this role, in addition to the core job requirements, you'll bring strong cybersecurity knowledge, exceptional technical writing skills, and experience translating complex security requirements into clear, actionable documentation. You will be a strong candidate for this role if you have experience developing Systems Security Plans (SSPs), supporting audit and compliance activities, working with security frameworks and control management programs, and collaborating across technical teams to manage risk. Professional certifications such as CISA, CISM, or CISSP are highly preferred and will help distinguish top candidates. Note: - This is a remote, work-from-home position, but the final round of interviews will take place on-site in our Chattanooga, TN office. - Candidates must be able to work Eastern Time Zone business hours. - Participation in an on-call rotation is required for approximately two weeks every 30 weeks. - Sponsorship is not available for this role. Job Responsibilities - Lead SOC 2 Audit Support – Coordinate audit activities including evidence collection, control validation, and auditor engagement. - Manage and Validate Control Frameworks – Maintain control documentation, mappings, and narratives while partnering with control owners to ensure effectiveness and alignment with Trust Services Criteria and NIST frameworks. - Track Audit & Remediation Activities – Oversee audit findings, remediation efforts, and timely closure of issues. - Develop & Maintain NIST SSPs – Create and update System Security Plans (SSPs), including control implementations, inheritance, and system boundaries. - Drive Security Awareness Programs – Design and manage training initiatives, including phishing simulations and targeted campaigns. - Manage Policies & Governance Documentation – Oversee the full lifecycle of security policies, standards, and procedures to ensure compliance and audit readiness. - Conduct Enterprise & Third-Party Risk Management – Perform risk assessments, maintain risk registers, execute vendor risk assessments, and monitor remediation. - Oversee Vulnerability Management – Track vulnerability remediation against SLAs and collaborate with teams to mitigate risks. - Support Customer Security Assurance – Respond to RFPs and security questionnaires, ensuring accurate, compliant, and consistent security representations. - Leadership – Leads by example, actively supporting initiatives across all GRC areas while fostering a culture of collaboration and shared accountability. Job Qualifications Education - Bachelor’s degree in a relevant field or an equivalent of four years of experience is required.  Experience - 5 years - Professional experience in Information Security or related IT roles with security-related responsibilities, including at least 2 years focused on Governance, Risk, and Compliance (GRC) functions. - Experience leveraging AI-enabled tools to automate and enhance GRC processes, improving efficiency, consistency, and scalability of governance, risk, and compliance activities preferred. Skills/Certifications - Preferred, one or more of the following certifications required: CISSP, CRISC, CISA, or CISM. - Ability to assess and document organizational risks, including identifying impacts and recommending mitigation strategies. - Ability to interpret and apply regulatory requirements and industry frameworks (e.g., NIST, SOC 2, HIPAA) to organizational controls. - Ability to analyze security, compliance, and risk metrics to identify trends and drive continuous improvement. - Ability to communicate complex risk and compliance concepts clearly to both technical and non-technical stakeholders. - Ability to collaborate effectively across cross-functional teams to integrate governance, risk, and compliance practices into business processes. - Exceptional time management skills. - Excellent oral and written communication skills. - Strong interpersonal skills and ability to cultivate relationships with internal and external stakeholders, promoting diversity of people, perspectives and ideas. - Ability to work with all levels of staff and management. N/A Number of Openings Available 1 Worker Type: Employee Company: BCBST BlueCross BlueShield of Tennessee, Inc.

About Blue Cross Blue Shield Of Tennessee

BlueCross BlueShield of Tennessee is a non-profit health insurance company that provides coverage to more than 3.5 million people. The company was founded in 1945 and is headquartered in Chattanooga, Tennessee. BlueCross BlueShield of Tennessee offers a variety of health insurance plans, including individual and family plans, Medicare plans, and employer-sponsored plans. The company is committed to improving the health and well-being of its members and the communities it serves.
Learn more about Blue Cross Blue Shield Of Tennessee
Size
5,000 employees
Industry
Founded
1945

Similar Jobs

More Jobs at Blue Cross Blue Shield Of Tennessee

More Information Technology Jobs

Find similar Sr. Information Security Governance, Risk and Compliance Analyst jobs: