
Director of Cyber Security Governance and Compliance

Point32Health
Canton, MA Full Time
POSTED ON 1/29/2025
AVAILABLE BEFORE 2/11/2025

About Point32Health

Point32Health is a leading health and wellbeing organization, delivering an exceptional personalized healthcare experience to communities across the nation. Leveraging our quality, nonprofit heritage from Tufts Health Plan and Harvard Pilgrim Health Care, we empower individuals to find their version of healthier living through innovative health plans and tools.

We pride ourselves on serving our members, partners, colleagues, and communities with integrity and dedication. To learn more about who we are at Point32Health, click here.


Job Summary

The Director of Cyber Security Governance and Compliance will be responsible for leading teams focused on Governance, Risk, and Compliance. This role will oversee IT/Security Compliance, Security Policy, Oversight, and Education, as well as Risk Assessment Services.

  • IT/Security Compliance
  • Security Policy, Oversight, and Education
  • Risk Assessment Services

This position reports directly to the Chief Information Security Officer (CISO) and plays a critical role in driving Point32Health's Cyber Security strategy and objectives. The Director will lead Cyber Security managers and/or security leaders to oversee and ensure that core programs are effectively implemented.

Key Responsibilities

  1. Manage a team of managers/senior leaders responsible for overseeing the core pillars of Cyber Security
  2. Develop and implement policies, standards, and guidelines that continuously increase the organization's Cyber Security program maturity
  3. Communicate potential security concerns/exposures with recommended improvements
  4. Lead communication and collaboration efforts with the business and IT to ensure quality solutions are delivered
  5. Evangelize the objective to embed security behaviors and principles into the Point32Health culture through active engagement, education, awareness, and partnership
  6. Develop operational excellence in anticipation and response to evolving threats and opportunities to improve cyber and information security
  7. Identify business risk and communicate risk to appropriate leadership
  8. Collaborate with stakeholders to define and implement technical and non-technical controls designed to meet cyber risk objectives and legal/regulatory obligations
  9. Maintain the risk repository to continually identify, prioritize, and mitigate cyber and information security related risk issues
  10. Participate in various forums and groups across Point32Health to understand the risk environment and provide recommendations that effectively incorporate security objectives while balancing the business impact of those recommendations
  11. Facilitate adoption of leading security practices to remain in compliance with regulations and support continuous monitoring and improvement goals
  12. Maintain up-to-date knowledge of the cyber and information security industry, including awareness of new or revised security capabilities, improved security processes, threat scenarios, trends, etc.
  13. Identify/recommend tools, processes, software, and protocols to advance or replace current security practices, services, or technologies to meet strategic objectives
  14. Other duties and projects as assigned

Qualifications and Skills

  • Bachelor's degree in Cyber Security, Computer Science, Risk Management, or related field preferred or equivalent experience
  • 10 years combined IT, cyber/information security, risk, audit, compliance experience with increasing responsibility
  • 5 years in cybersecurity or field(s) related to the programs for which the role is responsible
  • 5 years in a leadership role, preferably with at least 2 of those years overseeing other managers
  • Experience in leading or sponsoring implementation of technical security solutions within large organizations
  • Experience developing and implementing process-based security controls, processes, and capabilities
  • Experience engaging with and managing vendors responsible for implementing processes and/or IT solutions
  • Experience creating and maintaining security requirements, guidelines, and procedure documents
  • Extensive knowledge and experience in security and compliance frameworks such as NIST, ISO, etc.

Required Skills and Qualifications

  • Ability to lead a team, including managers, through mentoring, coaching, and motivating - providing an opportunity to learn and grow at Point32Health
  • Requires the ability to identify risk within complex, interrelated programs; ability to assess dynamic situations objectively; and to make recommendations or decisions that best align with the corporate strategic objectives
  • Ability to communicate effectively across multiple levels of the organization including managing through cross-business area or business unit prioritization discussions
  • Strong relationship-building skills; must be able to work collaboratively and cooperatively as a team member, fostering an atmosphere of trust and respect
  • Ability to influence all levels of staff and senior management in the decision-making process
  • Deep understanding of IT infrastructure, program portfolio management, application design, and secure software development lifecycle (SDLC) methodologies

Working Conditions and Additional Requirements

Must be able to work under normal office conditions and work from home as required. Work may require simultaneous use of a telephone/headset and PC/keyboard and sitting for extended durations. May be required to work additional hours beyond standard work schedule.
