Dir Cybersecurity Risk

Job Description Summary

Are you passionate about cyber risk management? Are you someone who enjoys creating new and collaborative processes? Do you enjoy helping others succeed by leading in risk-based decision making discussions? We have an opportunity for you at BCBSA Information Security. We are looking for a cyber risk management leader (Director level role) to lead the creation and deployment of defined and structured processes to support evolving and maintaining our cyber risk management program. This role works across the BCBSA organization to align cyber risk management with the organization's goals and outcomes. You'll have the chance to bring a combination of analytical and qualitative assessment approaches together to identify, assess, and develop appropriate mitigation plans and strategies. You'll be able to apply your experience in effectively managing cyber risk at technical and non-technical levels to help the organization understand where and how to maintain target business risk tolerance. You'll also serve IT and information security leadership in making risk informed decisions and shaping the future direction of BCBSA's cybersecurity program. You'll get to be hands-on in assessing internal and third-party supplier risks and clearly articulating to leadership recommended actions. Through your cyber risk management acumen, you'll bring your thought leadership to realistically translate technical and non-technical risks to simple, business level understanding.

Responsibilities include but are not limited to:

Responsible for providing Cyber Risk leadership and subject matter expertise on all assigned projects. Responsible for identifying day-to-day task assignments and providing technology and project management guidance on deliverables. Validates and ensures Cyber Risk requirements are thorough, testable, detailed, concise and traceable. Accountable for project deliverables, estimates, project team-structures, technical artifacts, and engagement of all project stakeholders.

Responsible for project planning, budget approvals, estimation and management for all project deliverables, collaborates with Service Delivery managers as appropriate. Proficient in implementing cyber risk processes, leads teams to attain goals, pursue excellence and establish discipline specific best-practices. Responsible for driving all project decisions, strong ability to make timely decisions and establish project governance. Collaborates with other team-members, peers and builds trust, exhibits sense of urgency, biased for action and possesses good follow-up skills. Customer focused with ability to persuade and drive consensus to resolve conflict and facilitate timely decision making.

Reviews and approves team progress reports, expenses, invoices and contracts in a thorough and timely manner. Reviews the status reports of team members and addresses issues as appropriate. Complies with and helps to enforce standard policies and procedures. Provides and seeks timely feedback to IT partners, peers and team-members.

Provides leadership as a product champion for cyber risk in the Governance, Risk and Compliance technology platform and Cyber Risk direction to business by establishing a vision and risk strategy to meet established project goals and objectives, while focused on continuous improvement. Provides project team(s) business/technical leadership and guidance on day to day tasks. Responsible for driving change for implementing process improvements and ensuring long term compliance. Leads the creation and maintenance of methodologies and processes for the department. Expected to lead multiple, simultaneous projects and time-critical deliverables.

Maintains a formal risk register that drives security, governance and ensures security findings are aligned with business objectives.

Responsible for maintaining positive working relationships with all groups, cross-functional teams, including technical. Identifies opportunities/needs and works with team-leads and other directors to accomplish strong relationships and influence decisions and teams without having direct functional reporting structure.

Provides budget forecasts and estimates for Cyber Risk activities on a continuous basis. Responsible for variance analysis and justifications and following the established BCBSA processes/procedures.

Responsible for providing status updates to Senior/Executive management. Responsible for escalating risks/issues with customer issues appropriately and in a timely manner. Ensures design, development, testing and investigative activities lead to appropriate resolution.

Effectively and tactfully communicates relevant and potentially difficult/sensitive information to senior management.

Delivers engaging, informative, well-organized presentations.

Responsible for engaging, understanding and effectively communicating needs of business to IT teams/partners

Resolves and/or escalates issues, proposes alternatives, and sets or manages expectations in a timely fashion.

Responsible for leading and managing delivery on multiple projects and responsible for all project related resource management, task-prioritization and development. Frequent Plan interactions via System Advisory Group or project communications to ensure business solutions meet Plan needs and implementation/budget concerns are understood. Frequent project participation/collaboration to ensure technical solutions meet business needs.

Relays relevant information to the organization in a timely manner. Participate as a product champion for cyber risk in the Governance, Risk and Compliance technology platform.

Required Education, Certifications and Experience

• Bachelors Degree, IT, information Security, Risk or IT Management, Computer Science, or a related field.

• Minimum 7 years of IT career experience in a similar or closely related field

• Practical application of cybersecurity risk management frameworks (FAIR, OCTAVE, COBIT, NIST RMF).

• Minimum of 7 years' PC experience using spreadsheets and word processing tools, including all components of MS Office.

• Possesses strong technology project management skills.

• Relationship management skills and the ability to develop and maintain Cyber Risk relationships.

• Advanced analytical and problem solving skills.

• Experience in organizing, planning, and executing large-scale projects from vision through implementation, involving internal staff, contractors and vendors.

• Experience analyzing project needs and determine resources needed to meet objectives and within budget.

• Experience completing risk assessments for vendors.

Preferred Education, Certifications and Experience

• Knowledge of national and international regulatory and compliance frameworks such as NIST Cybersecurity Framework, ISO 27001, EU DPD, HIPAA/HITECH.

• Extensive knowledge in the use of Project Management methodologies and tools and understand human resources policies and practices and change management techniques. Demonstrated leadership, mentoring, and project management skills.

• Experience with health care components such as Claims, and Enrollment in mainframe and client/server technology environments.

• Understanding of current application cyber risk development methodologies.

• Researching emerging technologies and possible application to the business.

• CISA, CISM, CRISC, CISSP, CPP or CFE are preferred.

People Management Yes

#LI-Hybrid