Director, Cyber and Information Security- Governance, Risk and Compliance
Company: Point32Health
Location: Canton
Posted on: September 28, 2024
Job Description:

Job Summary

The focus area for this Director will be Governance, Risk, and Compliance. In this role, the Director, Cyber & Information Security will be focused on leading teams responsible for:
- IT/Security Compliance
- Security Policy, Oversight, and Education
- Risk Assessment Services

The Director, Cyber & Information Security, will report into the Chief Information Security Officer (CISO) for Point32Health. The Director leads Cyber & Information Security managers and/or security leaders to oversee and help to ensure that core programs are effectively implemented. This role is integral in driving the organization's Cyber & Information Security strategy and objectives. The Director, Cyber & Information Security is considered a leader within the IT Department and is expected to work collaboratively to identify, influence, and enhance areas of improvement across the organization.

Key Responsibilities/Duties - what you will be doing

- Manage a team of managers/senior leaders responsible for overseeing the core pillars of Cyber & Information Security
- Develop and implement policies, standards, and guidelines that continuously increase the organization's Cyber & Information Security program maturity
- Communicate potential security concerns/exposures with recommended improvements
- Lead communication and collaboration efforts with the business and IT to ensure quality solutions are delivered
- Evangelize the objective to embed security behaviors and principles into the Point32Health culture through active engagement, education, awareness, and partnership
- Develop operational excellence in anticipation and response to evolving threats and opportunities to improve cyber and information security
- Identify business risk and communicate risk to appropriate leadership
- Collaborate with stakeholders to define and implement technical and non-technical controls designed to meet cyber risk objectives and legal / regulatory obligations
- Maintain the risk repository to continually identify, prioritize, and mitigate cyber and information security related risk issues
- Participate in various forums and groups across Point32Health to understand the risk environment and to provide recommendations that effectively incorporate security objectives while balancing the business impact of recommendations provided
- Facilitate adoption of leading security practices to remain in compliance with regulations and to support our continuous monitoring and improvement goals
- Maintain up-to-date knowledge of the cyber and information security industry, including awareness of new or revised security capabilities, improved security processes, threat scenarios, trends, etc.
- Identify/recommend tools, processes, software, and protocols to advance or replace current security practices, services, or technologies to meet strategic objectives
- Other duties and projects as assigned

Qualifications - what you need to perform the job

EDUCATION, CERTIFICATION AND LICENSURE:
- Bachelor's degree in Cyber Security, Computer Science, Risk Management, or related field preferred or equivalent experience

EXPERIENCE (minimum years required):
- 10 years combined IT, cyber/information security, risk, audit, compliance, with increasing responsibility
- 5 years in cybersecurity or field(s) related to the programs for which the role is responsible
- 5 years in a leadership role, preferably with at least 2 of those years overseeing other managers
- Experience in leading or sponsoring implementation of technical security solutions within large organizations
- Experience developing and implementing process-based security controls, processes, and capabilities
- Experience in engaging with and managing vendors responsible for implementing processes and/or IT solutions
- Experience creating and maintaining security requirements, guidelines, and procedure documents
- Extensive knowledge and experience in security and compliance frameworks such as NIST, ISO, etc.

SKILL REQUIREMENTS:
- Ability to lead a team, including managers, through mentoring, coaching, and motivating - providing an opportunity to learn and grow at Point32Health
- Requires the ability to identify risk within complex, interrelated programs; ability to assess dynamic situations objectively; and to make recommendations or decisions that best align with the corporate strategic objectives
- Ability to communicate effectively across multiple levels of the organization including managing through cross-business area or business unit prioritization discussions
- Strong relationship building skills; must be able to work collaboratively and cooperatively as a team member, fostering an atmosphere of trust and respect
- Ability to influence all levels of staff and senior management in the decision-making process
- Deep understanding of IT infrastructure, program portfolio management, application design, and secure software development lifecycle (SDLC) methodologies

Commitment to Diversity, Equity & Inclusion

Point32Health is committed to making diversity, equity, and inclusion part of everything we do - from product design to the workforce driving that innovation. Our DEI strategy is deeply connected to our core values and will evolve as the changing nature of work shifts. Programming, events, and an inclusion infrastructure play a role in how we spread cultural awareness, train people leaders on engaging with their teams and provide parameters on how to recruit and retain talented and dynamic talent. We welcome all applicants and qualified individuals, who will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Who We Are

Point32Health is a leading health and wellbeing organization, delivering an ever-better personalized health care experience to everyone in our communities. At Point32Health, we are building on the quality, nonprofit heritage of our founding organizations, Tufts Health Plan and Harvard Pilgrim Health Care, where we leverage our experience and expertise to help people find their version of healthier living through a broad range of health plans and tools that make navigating health and wellbeing easier. We enjoy the important work we do every day in service to our members, partners, colleagues and communities.

Scam alert: Point32Health has recently become aware of job posting scams where unauthorized individuals posing as Point32Health recruiters have placed job advertisements and reached out to potential candidates. These advertisements or individuals may ask the applicant to make a payment. Point32Health would never ask an applicant to make a payment related to a job application or job offer, or to pay for workplace equipment. If you have any concerns about the legitimacy of a job posting or recruiting contact, you may contact TA_operationspoint32health.org

This job has been posted by Ignyte AI on behalf of Point32Health. Ignyte AI is committed to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of Ignyte AI not to discriminate based on race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law.

Req ID: R7996
Keywords: Point32Health, Boston, Director, Cyber and Information Security- Governance, Risk and Compliance, Executive, Canton, Massachusetts