Director, Systemwide Security
Company: Blue Cross Blue Shield Association
Location: Washington
Posted on: November 19, 2024
Job Description:
The hiring range for this role is: $165,000.00 - $185,000.00This
is the lowest to highest salary we, in good faith, believe we would
pay for this role at the time of this posting. We may ultimately
pay more or less than the hiring range and this hiring range may
also be modified in the future. A candidate's position within the
hiring range may be based on several factors including, but not
limited to, specific competencies, relevant education,
qualifications, certifications, relevant experience, skills,
seniority, performance, shift, travel requirements, and business or
organizational needs.This job is also eligible for annual bonus
incentive pay.We offer a comprehensive package of benefits
including paid time off, 11 holidays, medical/dental/vision
insurance, generous 401(k) matching, lifestyle spending account and
many other benefits to eligible employees.Note: No amount of pay is
considered to be wages or compensation until such amount is earned,
vested, and determinable. The amount and availability of any bonus,
commission, or any other form of compensation that are allocable to
a particular employee remains in the Company's sole discretion
unless and until paid and may be modified at the Company's sole
discretion, consistent with the law.Job Description Summary
The Director, Systemwide Cybersecurity and Compliance will manage
key aspects of implementing our Systemwide Cyber Strategy and
governance across 33 Plans and several Non Plan Entities that
represent the Blue Cross Blue Shield System. The Director will also
provide thought leadership and support to Management in their work
with Systemwide CISOs and key internal stakeholders. The goal of
this role is to collaborate with stakeholders to design, build,
implement, and operate a strategy that meets the needs of the
System as well as support the governance, risk and compliance
process that is in place to ensure we are aligned, collaborative
and providing value. The Director will also be responsible for
ensuring that Systemwide strategy, as applicable, is communicated
and implemented within the Association. This role offers a great
opportunity to interact with CISOs and multi-disciplinary teams
from across the Blue Cross Blue Shield System.Responsibilities
include but are not limited to:Cybersecurity Strategy Development
and ImplementationThe Director is responsible for creating and
managing the processes by which Systemwide Strategy initiatives,
examples include measuring cybersecurity maturity and the
operational effectiveness of key security controls, are agreed to,
defined, and achieved. The Director will lead those initiatives
across the System to their intended outcomes on time and within
budget and provide analytical and programmatic support as needed.
The Director will also support the process of refreshing the cyber
strategy every three years to ensure it is current, adding value
and reducing systemwide risk.The Director shall be highly skilled
at the following:
- Engaging with leadership in setting strategy and providing
insights
- Contributing to thought leadership in tackling a problem(s),
Presenting findings to CISOs, Board subcommittees and cross
functional teams
- Ability to effectively distill and communicate ideas; Project
Management and reporting
- Managing budget and associated contract engagements with
vendors
- Risk identification and classification
- Delivering intended outcomes
- Marketing, preparing and socializing communications
- Providing training, education and awareness regarding
information security requirements and expectations
- Creating and managing metric programs as well as communicating
related insights
- Managing meetings and driving content to keep the focus on
intended outcomesProgram Governance, Risk and ComplianceThe
Director will support governance of two workgroups, who meet
quarterly, and are tasked with the following:
- Advising the Association and System on pertinent data security
issues.
- Fostering and supporting increased alignment among Blue System
CISOs.
- Increasing value through inter-Plan collaboration on security
practices and cyber threat intelligence sharing.
- Leverage expertise within the BCBS System on security
issues.The Director shall be highly skilled at the following:
- Preparing and translating policies and standards and monitoring
compliance
- Preparing and socializing communications (quarterly newsletter
etc.)
- Creating and managing annual communication plans
- Preparing and running surveys followed by distilling and
presenting insights
- Risk planning, mitigation, and remediation to address
information security deficiencies
- Creating and proofreading materials and findings to ensure
clarity and resonance
- Running complex meetings and preparing associated collateral
(agenda, minutes, materials)
- Collaborating with procurement, vendors and cross functional
teams in planning and executing on program deliverables
- Creating and managing calendars that detail key meetings
throughout the year
- Working effectively with others to meet a cyber program
objective
- Being an initiative-taker with minimum oversight needed
- Being a collaborator who does not mind getting their hands
dirty in some of the tactical aspects of meeting support (creating
and distributing name tents, general meeting support etc.)Required
Education, Certifications and Experience:Education
- Bachelors Degree; Computer science, information systems or
relatedCertifications
- Certified information Systems Security Professional (CISSP) or
like credential (required)
- Certified information Systems Security Professional (CISSP)
(preferred)
- Certified Information Privacy Professional (CIPP)
(preferred)
- Certified Information Security Manager (CISM) (preferred)
- Certified Information Security Auditor (CISA)
(preferred)Experience
- A minimum of eight (8) years of experience in information
security and program oversightSkillsCritical competencies for
success:
- Leadership skills: Must have the proven ability to lead the
development, planning, coordination, and monitoring of information
security risk management-related process, technology, and
operations, and be a key part of the team's leadership for
governance aspects of information security. Must be able to
communicate effectively regarding security, privacy, risk, and
compliance to senior business leaders and fellow team members. As
trusted counsel to senior management, the role requires a highly
resourceful individual with emotional intelligence,
self-motivation, and strong analytical and communication skills who
is also willing to roll up their sleeves to support where needed.
- Security knowledge: Able to draw upon proven experience to
recommend and gain buy-in to numerous information security
initiatives. Ability to lead a team by demonstrating subject matter
expertise. This individual is able to represent the interests of
the organization, gain support from stakeholders and formalize
acceptance through the creation and adoption of policies,
standards, and guidance.
- Ability to deliver: This individual will have the proven
ability to lead complex projects across various business and
functional departments as they pertain to risk and security
matters. Ability to create a project management mindset with clear
objectives, goals, processes, and measurable outcomes.
- Risk-based methodology: Must demonstrate acute application of
risk-based decision-making. This person should enable business
decisions and strategy yet strike a balance between the desires of
the business and the risk-profile required to protect information
assets.People ManagementNo#LI_HYBRID
Keywords: Blue Cross Blue Shield Association, Towson , Director, Systemwide Security, Executive , Washington, Maryland
Didn't find what you're looking for? Search again!
Loading more jobs...