Job Summary
The Director of Cybersecurity Governance, Risk, and Compliance will lead teams responsible for essential areas in Cyber & Information Security such as:
- IT / Security Compliance
- Security Policy, Oversight, and Education
- Risk Assessment Services
Reporting to the Chief Information Security Officer (CISO), this leader will manage Cyber & Information Security managers and oversee the implementation of core programs aimed at enhancing the organization's security strategy and objectives. This position is vital for cultivating security best practices within the IT Department and driving collaborative improvements across the organization.
Key Responsibilities / Duties - What You Will Be Doing
- Lead and manage a team of managers and senior leaders to ensure effective oversight of Cyber & Information Security core pillars.
- Develop and implement comprehensive policies, standards, and guidelines to elevate the organization's Cyber & Information Security program maturity.
- Identify and communicate potential security risks, providing actionable recommendations for improvement.
- Foster communication and collaboration with business and IT teams to ensure high-quality security solutions are implemented.
- Champion the integration of security behaviors into the organizational culture through proactive engagement, education, and awareness initiatives.
- Enhance operational responses to emerging threats while seeking opportunities to improve overall cyber and information security.
- Identify and articulate business risks, directly communicating with appropriate leadership.
- Work with stakeholders to implement both technical and non-technical controls to meet cyber risk objectives and satisfy legal and regulatory requirements.
- Maintain a comprehensive risk repository to systematically identify, prioritize, and mitigate cybersecurity-related risks.
- Engage in various forums to understand the risk landscape and provide recommendations that align security and business priorities.
- Promote the adoption of leading security practices to ensure compliance with regulations and support ongoing monitoring and improvement efforts.
- Stay abreast of recent developments in cybersecurity, including new capabilities, improved processes, and evolving threat scenarios.
- Identify and recommend tools, processes, and technologies that will strengthen the organization's security posture and meet its strategic objectives.
- Perform additional duties and projects as assigned.
Qualifications - What You Need to Perform the Job
Education, Certification, and Licensure:
- Bachelor's degree in Cyber Security, Computer Science, Risk Management, or a related field preferred, or equivalent practical experience.
Experience (Minimum Years Required):
- 10 years of combined experience in IT, Cyber / Information Security, risk management, audit, or compliance, with increasing levels of responsibility.
- 5 years specifically in cybersecurity or related fields.
- 5 years in a leadership capacity, including at least 2 years overseeing other managers.
- Experience in leading the implementation of technical security solutions within large organizations.
- Proven track record in developing and implementing security controls and processes.
- Experience managing vendors to ensure proper implementation of processes and IT solutions.
- Skilled in creating and maintaining security requirements, guidelines, and procedural documents.
- Extensive knowledge of security and compliance frameworks such as NIST, ISO, etc.
Skill Requirements:
- Ability to mentor and motivate a team of managers, fostering opportunities for learning and growth.
- Proficient in identifying risks within complex programs and making recommendations aligned with corporate objectives.
- Strong communication skills to effectively engage with various levels of the organization, including facilitating prioritization discussions.
- Exceptional relationship-building capabilities to promote collaboration and trust across teams.
- Ability to influence decision-making processes at all levels of the organization.
- Deep understanding of IT infrastructure, program management, application design, and secure software development lifecycle (SDLC) methodologies.
Commitment to Diversity, Equity & Inclusion
Point32Health is dedicated to incorporating diversity, equity, and inclusion in all aspects of our operations. We welcome applicants and qualified individuals irrespective of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
Who We Are
Point32Health is a leading health and wellbeing organization, delivering personalized health care experiences throughout our communities. Our rich heritage from Tufts Health Plan and Harvard Pilgrim Health Care informs our commitment to helping individuals achieve their health goals through a wide array of health plans and innovative tools.
We take pride in the meaningful work we do each day to serve our members, partners, colleagues, and communities.
Scam Alert: Point32Health does not require job applicants to make payments or purchase workplace equipment. If you suspect a job posting is fraudulent, please contact our human resources department to verify its legitimacy.
Req ID: R7996