The hiring range for this role is:
$165,000.00 - $185,000.00
This is the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the hiring range and this hiring range may also be modified in the future. A candidate’s position within the hiring range may be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs. This job is also eligible for annual bonus incentive pay.
We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching, lifestyle spending account and many other benefits to eligible employees.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.
Job Description Summary
The Director, Systemwide Cybersecurity and Compliance will manage key aspects of implementing our Systemwide Cyber Strategy and governance across 33 Plans and several Non Plan Entities that represent the Blue Cross Blue Shield System. The Director will also provide thought leadership and support to Management in their work with Systemwide CISOs and key internal stakeholders. The goal of this role is to collaborate with stakeholders to design, build, implement, and operate a strategy that meets the needs of the System as well as support the governance, risk and compliance process that is in place to ensure we are aligned, collaborative and providing value. The Director will also be responsible for ensuring that Systemwide strategy, as applicable, is communicated and implemented within the Association. This role offers a great opportunity to interact with CISOs and multi-disciplinary teams from across the Blue Cross Blue Shield System.
Responsibilities include but are not limited to:
Cybersecurity Strategy Development and Implementation
The Director is responsible for creating and managing the processes by which Systemwide Strategy initiatives, examples include measuring cybersecurity maturity and the operational effectiveness of key security controls, are agreed to, defined, and achieved. The Director will lead those initiatives across the System to their intended outcomes on time and within budget and provide analytical and programmatic support as needed. The Director will also support the process of refreshing the cyber strategy every three years to ensure it is current, adding value and reducing systemwide risk.
The Director shall be highly skilled at the following:
- Engaging with leadership in setting strategy and providing insights
- Contributing to thought leadership in tackling a problem(s), Presenting findings to CISOs, Board subcommittees and cross functional teams
- Ability to effectively distill and communicate ideas; Project Management and reporting
- Managing budget and associated contract engagements with vendors
- Risk identification and classification
- Delivering intended outcomes
- Marketing, preparing and socializing communications
- Providing training, education and awareness regarding information security requirements and expectations
- Creating and managing metric programs as well as communicating related insights
- Managing meetings and driving content to keep the focus on intended outcomes
Program Governance, Risk and Compliance
The Director will support governance of two workgroups, who meet quarterly, and are tasked with the following:
- Advising the Association and System on pertinent data security issues.
- Fostering and supporting increased alignment among Blue System CISOs.
- Increasing value through inter-Plan collaboration on security practices and cyber threat intelligence sharing.
- Leverage expertise within the BCBS System on security issues.
The Director shall be highly skilled at the following:
- Preparing and translating policies and standards and monitoring compliance
- Preparing and socializing communications (quarterly newsletter etc.)
- Creating and managing annual communication plans
- Preparing and running surveys followed by distilling and presenting insights
- Risk planning, mitigation, and remediation to address information security deficiencies
- Creating and proofreading materials and findings to ensure clarity and resonance
- Running complex meetings and preparing associated collateral (agenda, minutes, materials)
- Collaborating with procurement, vendors and cross functional teams in planning and executing on program deliverables
- Creating and managing calendars that detail key meetings throughout the year
- Working effectively with others to meet a cyber program objective
- Being an initiative-taker with minimum oversight needed
- Being a collaborator who does not mind getting their hands dirty in some of the tactical aspects of meeting support (creating and distributing name tents, general meeting support etc.)
Required Education, Certifications and Experience:
Education
- Bachelors Degree; Computer science, information systems or related
Certifications
- Certified information Systems Security Professional (CISSP) or like credential (required)
- Certified information Systems Security Professional (CISSP) (preferred)
- Certified Information Privacy Professional (CIPP) (preferred)
- Certified Information Security Manager (CISM) (preferred)
- Certified Information Security Auditor (CISA) (preferred)
Experience
- A minimum of eight (8) years of experience in information security and program oversight
Skills
Critical competencies for success:
- Leadership skills: Must have the proven ability to lead the development, planning, coordination, and monitoring of information security risk management-related process, technology, and operations, and be a key part of the team’s leadership for governance aspects of information security. Must be able to communicate effectively regarding security, privacy, risk, and compliance to senior business leaders and fellow team members. As trusted counsel to senior management, the role requires a highly resourceful individual with emotional intelligence, self-motivation, and strong analytical and communication skills who is also willing to roll up their sleeves to support where needed.
- Security knowledge: Able to draw upon proven experience to recommend and gain buy-in to numerous information security initiatives. Ability to lead a team by demonstrating subject matter expertise. This individual is able to represent the interests of the organization, gain support from stakeholders and formalize acceptance through the creation and adoption of policies, standards, and guidance.
- Ability to deliver: This individual will have the proven ability to lead complex projects across various business and functional departments as they pertain to risk and security matters. Ability to create a project management mindset with clear objectives, goals, processes, and measurable outcomes.
- Risk-based methodology: Must demonstrate acute application of risk-based decision-making. This person should enable business decisions and strategy yet strike a balance between the desires of the business and the risk-profile required to protect information assets.
People Management
No
#LI_HYBRID