Resp & Qualifications
PURPOSE:
The Director, Cybersecurity Strategy is responsible for partnering with the Chief Information Security Officer (CISO) in maintaining a corporate-wide cybersecurity program and organization. Reporting directly to the CISO, the Director, Cybersecurity Strategy will work with all areas of CareFirst's business to mature and communicate a shared vision for a "best in class" cybersecurity program. This will be done by establishing and executing a robust cybersecurity strategy to support continuous business enablement, while ensuring the confidentiality, integrity, and availability of the company's information, information assets, and related technology from cyber threats. A fundamental component to success is proactive risk management where the roadmap reflects the balance between risks and controls, with transparency, to support informed, risk-based decisions, in alignment with CareFirst's risk appetite and tolerance as defined by the company's Enterprise Risk Management function.
Responsibilities include, but are not limited to, cybersecurity strategy, program coordination and execution, awareness and outreach, internal and external relationship management, and reporting on information security program effectiveness. This position requires an experienced leader with strong business insight and a working knowledge of information security technologies, policies, practices, and their application to the advancement of CareFirst's mission and vision in support of our business. The Director, Cybersecurity Strategy is comfortable interacting with the most senior levels of the organization and as peer-advisor to CareFirst's business leaders while collaborating with key stakeholders in Legal, Risk, Privacy and Compliance.
The Director, Cybersecurity Strategy will support the CISO in:
- Representing the security program and state of security across a wide range of stakeholders including, but not limited to, the workforce, customers pre/post sales, regulators, executive management, and the board.
- Ensuring compliance and the successful assessment/audit of compliance against the cybersecurity aspects of applicable regulations and contracts.
- Working with the appropriate stakeholders to lead and manage any remediation or improvement initiatives.
- Acting as the primary contact regarding technical aspects of the incident to management, customers, board, regulators, and other key stakeholders.
- Partnering with other Cybersecurity Strategy functions and Deputy CISOs across Blue Plans to uphold and enforce systemwide security.
- Cultivating relationships and representing CareFirst with external contacts and agencies (e.g., CISA, FBI, etc.)
- This role has accountability for the enterprise and any applicable subsidiaries.
ESSENTIAL FUNCTIONS:
- Support the refinement, delivery, and overall operating model against the security roadmap and three-year risk-based cybersecurity strategy to enable the business vision while ensuring the confidentiality, integrity, and availability of the environment from cybersecurity threats.
- Proactively communicate with internal and external stakeholders on the importance of cybersecurity, their role in securing the company, and relevant risks. Ensure that the workforce and extended partners have the appropriate training, education, awareness, and tools to securely perform their functions and understand the necessity of the relevant controls.
- Oversees the strategic and the day-to-day activities of the Department, including directing, coaching, and guiding employees to implement departmental, divisional, and organizational mission/goals. Recruits, retains, and develops a high performing team. Develops annual goals, and prepares, monitors, and analyzes variances of departmental budgets to control and appropriately allocate resources.
SUPERVISORY RESPONSIBILITY:
This position manages people.
QUALIFICATIONS:
Education Level: BS/MS of Computer Science, Information Technology, Risk Management, or related fields and/or relevant experience OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.
Experience: 8 years of related professional experience; 3 years of management experience.
Preferred Qualifications:
Knowledge, Skills and Abilities (KSAs)
Salary Range: $161,280 - $299,376
Salary Range Disclaimer
The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the work is being performed. This compensation range is specific and considers factors such as (but not limited to) the scope and responsibilities of the position, the candidate's work experience, education/training, internal peer equity, and market and business consideration. It is not typical for an individual to be hired at the top of the range, as compensation decisions depend on each case's facts and circumstances, including but not limited to experience, internal equity, and location. In addition to your compensation, CareFirst offers a comprehensive benefits package, various incentive programs/plans, and 401k contribution programs/plans (all benefits/incentives are subject to eligibility requirements).
Department
Equal Employment Opportunity
CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Where To Apply
Please visit our website to apply: www.carefirst.com/careers
Federal Disc/Physical Demand
Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
PHYSICAL DEMANDS:
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
Sponsorship in US
Must be eligible to work in the U.S. without Sponsorship