Cyber Security Strategy Director (Remote)

Resp & Qualifications

PURPOSE:

The Directory, Cybersecurity Strategy is responsible for partnering with the Chief Information Security Officer (CISO) in maintaining a corporate-wide cybersecurity program and organization. Reporting directly to the CISO, the Directory, Cybersecurity Strategy will work with all areas of CareFirsts business to mature and communicate a shared vision for a "best in class" cybersecurity program. This will be done by establishing and executing a robust cybersecurity strategy to support continuous business enablement, while ensuring the confidentiality, integrity, and availability of the company's information, information assets, and related technology from cyber threats. A fundamental component to success is proactive risk management where the roadmap reflects the balance between risks and controls, with transparency, to support informed, risk-based decisions, in alignment with CareFirsts risk appetite and tolerance as defined by the company's Enterprise Risk Management function.

Responsibilities include, but are not limited to, cybersecurity strategy, program coordination and execution, awareness and outreach, internal and external relationship management, and reporting on information security program effectiveness. This position requires an experienced leader with strong business insight and a working knowledge of information security technologies, policies, practices, and their application to the advancement of CareFirsts mission and vision in support of our business. The Directory, Cybersecurity Strategy is comfortable interacting with the most senior levels of the organization and as peer-advisor to CareFirsts business leaders while collaborating with key stakeholders in Legal, Risk, Privacy and Compliance.

The Directory, Cybersecurity Strategy will support the CISO in:

• Representing the security program and state of security across a wide range of stakeholders including, but not limited to, the workforce, customers pre/post sales, regulators, executive management, and the board.
• Ensuring compliance and the successful assessment/audit of compliance against the cybersecurity aspects of applicable regulations and contracts.
• Working with the appropriate stakeholders to lead and manage any remediation or improvement initiatives.
• Acting as the primary contact regarding technical aspects of the incident to management, customers, board, regulators, and other key stakeholders.
• Partnering with other Cybersecurity Strategy functions and Deputy CISOs across Blue Plans to uphold and enforce systemwide security.
• Cultivating relationships and representing CareFirst with external contacts and agencies (e.g., CISA, FBI, etc.)
• This role has accountability for the enterprise and any applicable subsidiaries.

ESSENTIAL FUNCTIONS:

• Support the refinement, delivery, and overall operating model against the security roadmap and three-year risk-based cybersecurity strategy to enable the business vision while ensuring the confidentiality, integrity, and availability of the environment from cybersecurity threats.
• Proactively communicate with internal and external stakeholders on importance of cybersecurity, their role in securing the company, and relevant risks. Ensure that the workforce and extended partners have the appropriate training, education, awareness, and tools to securely perform their functions and understand the necessity of the relevant controls.
• Oversees the strategic and the day-to-day activities of the Department, including directing, coaching, and guiding employees to implement departmental, divisional, and organizational mission/goals. Recruits, retains, and develops a high performing team. Develops annual goals, and prepares, monitors, and analyzes variances of departmental budgets to control and appropriately allocate resources.

SUPERVISORY RESPONSIBILITY:

This position manages people.

QUALIFICATIONS:

Education Level: BS/MS of Computer Science, Information Technology, Risk Management, or related fields and/or relevant experience OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.

Experience: 8 years Related professional experience 3 years Management experience.

Preferred Qualifications:

• 10 years of experience in a combination of risk management, information security and IT delivery with at least 6 years of leadership
• Professional security management certification is desirable, such as:
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA) or other similar credentials or demonstrated experience/success in these areas.

Knowledge, Skills and Abilities (KSAs)

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
• Must be a critical thinker with strong problem-solving skills who is able to act calmly and with poise during high stress/high-pressure situations.
• Up-to-date knowledge of business and technical trends.
• Up-to-date knowledge of relevant regulatory and security framework requirements.
• Must understand and be able to articulate the impact of cybersecurity on the business across all levels including the workforce, management, executives, customers, regulators, and trading partners.
• Must be adept at reading legal contracts, legislation, and regulations to appropriately identify risks and compensating controls.
• Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.

Salary Range: $161,280 - $299,376

Salary Range Disclaimer

The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the work is being performed. This compensation range is specific and considers factors such as (but not limited to) the scope and responsibilites of the position, the candidate's work experience, education/training, internal peer equity, and market and business consideration. It is not typical for an individual to be hired at the top of the range, as compensation decisions depend on each case's facts and circumstances, including but not limited to experience, internal equity, and location. In addition to your compensation, CareFirst offers a comprehensive benefits package, various incentive programs/plans, and 401k contribution programs/plans (all benefits/incentives are subject to eligibility requirements).

Department

Cybersecurity Strategy

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Where To Apply

Please visit our website to apply: www.carefirst.com/careers

Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.

PHYSICAL DEMANDS:

The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship

#LI-HS1