Director, Systemwide Security
Washington, DC / Chicago, IL
Posted 16 days ago
Job Description
Job Description Summary

The Director, Systemwide Cybersecurity and Compliance will manage key aspects of implementing our Systemwide Cyber Strategy and governance across 33 Plans and several Non-Plan Entities that represent the Blue Cross Blue Shield System. The Director will also provide thought leadership and support to Management in their work with Systemwide CISOs and key internal stakeholders. The goal of this role is to collaborate with stakeholders to design, build, implement, and operate a strategy that meets the needs of the System, and to support the governance, risk and compliance process that is in place to ensure we are aligned, collaborative and providing value. The Director will also be responsible for ensuring that Systemwide strategy, as applicable, is communicated and implemented within the Association. This role offers a great opportunity to interact with CISOs and multi-disciplinary teams from across the Blue Cross Blue Shield System.

Responsibilities include but are not limited to:

Cybersecurity Strategy Development and Implementation

The Director is responsible for creating and managing the processes by which Systemwide Strategy initiatives (for example, measuring cybersecurity maturity and the operational effectiveness of key security controls) are agreed to, defined, and achieved. The Director will lead those initiatives across the System to their intended outcomes on time and within budget, and provide analytical and programmatic support as needed. The Director will also support the process of refreshing the cyber strategy every three years to ensure it is current, adding value and reducing systemwide risk.

Critical competencies for success:

Leadership skills: Must have the proven ability to lead the development, planning, coordination, and monitoring of information security risk management-related processes, technology, and operations, and be a key part of the team's leadership for the governance aspects of information security. Must be able to communicate effectively regarding security, privacy, risk, and compliance to senior business leaders and fellow team members. As trusted counsel to senior management, the role requires a highly resourceful individual with emotional intelligence, self-motivation, and strong analytical and communication skills who is also willing to roll up their sleeves to support where needed.

Security knowledge: Able to draw upon proven experience to recommend and gain buy-in to numerous information security initiatives. Ability to lead a team by demonstrating subject matter expertise. This individual is able to represent the interests of the organization, gain support from stakeholders and formalize acceptance through the creation and adoption of policies, standards, and guidance.

Ability to deliver: This individual will have the proven ability to lead complex projects across various business and functional departments as they pertain to risk and security matters. Ability to create a project management mindset with clear objectives, goals, processes, and measurable outcomes.

Risk-based methodology: Must demonstrate acute application of risk-based decision-making. This person should enable business decisions and strategy while striking a balance between the desires of the business and the risk profile required to protect information assets.

The Director shall be highly skilled at the following:

  • Engaging with leadership in setting strategy and providing insights

  • Contributing to thought leadership in tackling a problem(s)

  • Presenting findings to CISOs, Board subcommittees and cross-functional teams

  • Effectively distilling and communicating ideas

  • Project management and reporting

  • Managing budget and associated contract engagements with vendors

  • Risk identification and classification

  • Delivering intended outcomes

  • Marketing, preparing and socializing communications

  • Providing training, education and awareness regarding information security requirements and expectations

  • Creating and managing metric programs as well as communicating related insights

  • Managing meetings and driving content to keep the focus on intended outcomes


Program Governance, Risk and Compliance

The Director will support governance of two workgroups, which meet quarterly and are tasked with the following:

  • Advising the Association and System on pertinent data security issues.

  • Fostering and supporting increased alignment among Blue System CISOs.

  • Increasing value through inter-Plan collaboration on security practices and cyber threat intelligence sharing.

  • Leveraging expertise within the BCBS System on security issues.


The Director shall be highly skilled at the following:

  • Preparing and translating policies and standards and monitoring compliance

  • Preparing and socializing communications (quarterly newsletter etc.)

  • Creating and managing annual communication plans

  • Preparing and running surveys followed by distilling and presenting insights

  • Risk planning, mitigation, and remediation to address information security deficiencies

  • Creating and proofreading materials and findings to ensure clarity and resonance

  • Running complex meetings and preparing associated collateral (agenda, minutes, materials)

  • Collaborating with procurement, vendors and cross-functional teams in planning and executing on program deliverables

  • Creating and managing calendars that detail key meetings throughout the year

  • Working effectively with others to meet a cyber program objective

  • Being an initiative-taker with minimum oversight needed

  • Being a collaborator who does not mind getting their hands dirty in some of the tactical aspects of meeting support (creating and distributing name tents, general meeting support etc.)

Required Education, Certifications and Experience

  • Required: Bachelor's degree in computer science, information systems or a related field

  • A minimum of eight (8) years of experience in information security and program oversight


Certifications

Required:

  • Certified Information Systems Security Professional (CISSP)

Preferred Education, Certifications and Experience

  • Certified Information Systems Security Professional (CISSP)

  • Certified Information Privacy Professional (CIPP)

  • Certified Information Security Manager (CISM)

  • Certified Information Systems Auditor (CISA)


People Management: No

#LI_HYBRID


Blue Cross Blue Shield Association is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, national origin, age, gender identity, disability, veteran status, genetic information or any other legally protected characteristics.


Job Summary
Start Date
As soon as possible
Employment Term and Type
Regular, Full Time
Required Education
Bachelor's Degree
Required Experience
8 years