What are the responsibilities and job description for the Cyber Security Director for Strategic Risk Management position at Point32Health?
About Point32Health
Point32Health is a leading health and wellbeing organization delivering an ever-better personalized healthcare experience to everyone in our communities. We build on the quality, nonprofit heritage of our founding organizations, Tufts Health Plan and Harvard Pilgrim Health Care, leveraging our experience and expertise to help people find their version of healthier living through a broad range of health plans and tools that make navigating health and wellbeing easier.
Job Description
**Lead Cyber & Information Security Strategy**
The Director, Cyber & Information Security will be responsible for leading the organization's ability to effectively respond to and recover from events that result in interruption of business operations. This includes developing and implementing a strategy and practices that ensure the organization is prepared for potential disruptions, setting requirements and providing education to stakeholders about their roles in supporting business continuity, disaster recovery, and incident/crisis management disciplines, and maintaining up-to-date procedures/playbooks.
**Key Responsibilities**
• Manage a team of managers/senior leaders responsible for overseeing core pillars of Cyber & Information Security
• Develop and implement policies, standards, and guidelines that continuously increase the organization's Cyber & Information Security program maturity
• Communicate potential security concerns/exposures with recommended improvements
• Lead communication and collaboration efforts with the business and IT to ensure quality solutions are delivered
• Evangelize the objective to embed security behaviors and principles into the company culture through active engagement, education, awareness, and partnership
• Develop operational excellence in anticipation and response to evolving threats and opportunities to improve cyber and information security
• Identify business risk and communicate risk to appropriate leadership
• Collaborate with stakeholders to define and implement technical and non-technical controls designed to mitigate cyber risk and satisfy legal/regulatory obligations
• Maintain the risk repository to continually identify, prioritize, and mitigate cyber and information security related risk issues
Requirements
• Bachelor's degree in Cyber Security, Computer Science, Risk Management, or related field preferred or equivalent experience
• 10 years of combined experience in IT, cyber/information security, risk, audit, or compliance, with increasing responsibility
• 5 years in cybersecurity or field(s) related to the programs for which the role is responsible
• 5 years in a leadership role, preferably with at least 2 of those years overseeing other managers
• Experience in leading or sponsoring implementation of technical security solutions within large organizations
• Experience developing and implementing process-based security controls, processes, and capabilities
• Extensive knowledge and experience in security and compliance frameworks such as NIST, ISO, etc.
Skills and Qualifications
• Ability to lead a team, including managers, through mentoring, coaching, and motivating - providing an opportunity to learn and grow at Point32Health
• Requires the ability to identify risk within complex, interrelated programs; and to make recommendations or decisions that best align with the corporate strategic objectives
• Ability to communicate effectively across multiple levels of the organization including managing through cross-business area or business unit prioritization discussions
• Strong relationship-building skills; must be able to work collaboratively and cooperatively as a team member, fostering an atmosphere of trust and respect
• Deep understanding of IT infrastructure, program portfolio management, application design, and secure software development lifecycle (SDLC) methodologies
• Commitment to Diversity, Equity & Inclusion