Description
Humana's Associate Vice President (AVP), Technology and Cybersecurity Risk works closely with all areas of Enterprise Information Protection (EIP), Internal Audit, Enterprise Risk Management, business units, regulatory agencies, and industry groups to ensure the company's technology and cybersecurity risks are effectively managed and compliance objectives are achieved. In addition, this leader supports Humana senior leaders in ensuring that proactive risk governance processes are implemented and effectively followed. This role is key to ensuring Humana's risk and compliance processes effectively drive high-value outcomes for the company.
The AVP will report directly to the Vice President, Technology and Cybersecurity Risk Management and will lead a multi-level team of 30 members.
Responsibilities
Key Responsibilities include, but are not limited to:
- Serve as a senior risk leader, engaging with executives across the company to drive effective risk dialogues and outcomes.
- Direct the development of risk management programs, including managing the risk framework, performing control testing and risk assessments, and maintaining governance processes (e.g., policies, standards, exceptions and risk acceptance processes).
- Drive effective strategic conversations about the value tradeoffs across critical remediation priorities, to ensure issues are remediated proactively following a risk-based approach.
- Ensure effective testing of existing controls to identify gaps in operating effectiveness before they become incidents or compliance issues.
- Collaborate with teams on engagements with key internal, regulatory and industry groups to ensure audit responses are timely and effective.
- Lead an effective, efficient, and predictable risk assessment process, to proactively identify, characterize, and drive remediation of important technology and cybersecurity issues.
- Engage with senior leaders and peers to ensure risk and compliance issues are effectively identified, prioritized, and remediated.
- Ensure compliance with relevant laws, regulations (e.g., HHS, SEC, state agencies), and industry standards (e.g., PCI, HITRUST) across Humana.
- Effectively maintain key risk governance functions, including the risk framework, risk acceptance and exceptions processes, policies and standards, and governance forums.
- Build and maintain a highly effective team of risk and compliance professionals, focused on delivering high-value risk outcomes that improve the company's security, resiliency, and compliance posture.
- Communicate team priorities effectively both within the team and across Humana, to ensure alignment on intended outcomes and a strong risk management culture.
- Ensure associates receive ongoing training necessary to maintain a high level of skill across multiple technical and programmatic domains.
Required Qualifications
- Bachelor's degree, preferably in a technology or related field.
- 10 or more years of experience managing major, complex technology or risk programs.
- Deep experience in operating risk and compliance standards, including PCI, HIPAA, and HITRUST, and enterprise risk management practices.
- Ability to develop and manage against metrics that ensure key projects add clear value.
- Excellent leadership skills including a proven track record of leading and growing large teams and managing technology and cybersecurity risk issues.
- Keen ability to distill complex risk information for presentation to senior executives.
- Technical knowledge of cybersecurity, cloud technologies, information technology operations, resiliency practices, and data privacy.
- Ability to work in a dynamically changing environment and lead people through modernization from traditional assessments to a focus on data analytics.
- Ability to influence a wide variety of senior executives in enterprise-wide groups.
- Experience interpreting data extracted from advanced analytics (e.g., use of data visualization and reporting).
- Expert judgement and a capacity to deliver organizational change through effective risk leadership.
Desired Qualifications
- Master's Degree in Computer Science, Information Technology, Information Security, or a related field.
- Industry Certifications: CISA, CISSP, HCISPP, CCSP, CISM, CTPRP, etc.
- Healthcare or financial sector experience.
Additional Information
- Location: This position can be located anywhere within the lower 48 states.
- Requires 10-15% travel as business needs dictate.
- Work-At-Home Requirements: To ensure Home or Hybrid Home/Office associates' ability to work effectively, the self-provided internet service of Home or Hybrid Home/Office associates must meet the following criteria: At minimum, a download speed of 25 Mbps and an upload speed of 10 Mbps is recommended; wireless, wired cable or DSL connection is suggested; Satellite, cellular and microwave connection can be used only if approved by leadership; Associates who live and work from Home in the states of California, Illinois, Montana, or South Dakota will be provided a bi-weekly payment for their internet expense; Humana will provide Home or Hybrid Home/Office associates with telephone equipment appropriate to meet the business requirements for their position/job; Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information.
- Scheduled Weekly Hours: 40.
Humana complies with all applicable federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, sex, sexual orientation, gender identity or religion. We also provide free language interpreter services.