Address
Form of workEmployment TypeFull-time
Exempt or Non-ExemptExempt
Job Summary
Minimum Qualifications
Duties and Responsibilities
Exempt or Non-ExemptExempt
Job Summary
**Hybrid Work Environment - Must reside in Hawaii **
Pay Range: $90,770 - $156,409
Note: Individuals typically begin between the minimum to middle of the pay range
Reports to the Vice President, Chief Audit Executive (CAE), the Cybersecurity Governance Consultant is responsible for providing the organization with consulting and advisory services related to cybersecurity-related governance risk management functions.
These consulting and advisory services are intended to:
- Support the organization's efforts to improve its NIST cybersecurity maturity assessment score.
- Review adequacy of risk management operations with the goal of minimizing risk.
- Advise management on best practices for risk management, internal controls, and processes.
Responsible for designing, developing, documenting and communicating the 2nd line of defense strategy and governance program as it relates to cybersecurity. May assist with special reviews or consulting engagements as directed by the VP and CAE.
Minimum Qualifications
- Bachelor's degree or equivalent combination of experience and education.
- Ten years of IT, risk, audit, or cybersecurity-related work experience.
- Strong verbal and written communication skills. (including interviewing, reporting and presentation skills).
- Expertise with risk management.
- Knowledge of information systems or IT auditing.
- Strong leadership skills.
- Strong project management skills.
- Intermediate working knowledge of Microsoft Office applications, including but not limited to Word, Excel, Outlook, and PowerPoint.
Duties and Responsibilities
- Provide guidance and oversight to IT Security and Corporate Governance functions as it relates to remediation activities intended to address NIST cybersecurity maturity assessment gaps.
- Advise and participate during NIST-related project meetings.
- Review NIST remediation work performed to ensure it meets intended objectives, with sufficient design and effectiveness.
- Provide a high-level programmatic view on the path to enhanced NIST maturity to management, senior management, the HMSA Board of Directors, etc.
- Design and deploy the 2nd line of defense cybersecurity program in support of the overall Corporate Governance function to provide appropriate oversight and monitoring that leads to improved decision-making.
- Drive strategic efforts to educate and advise key internal stakeholders and business leaders regarding the program, while ensuring alignment with current HMSA functions.
- Communicate the vision and purpose of the 2nd line of defense cybersecurity program via presentations to senior management and the HMSA Board of Directors, as well as via internal management and operational-level training.
- Create program governance documents, such as a charter, policies, standards, procedures, risk reporting, and an operational roadmap to support the program's strategy.
- Inventory cybersecurity-related compliance requirements, which may include but are not limited to, regulatory requirements, Blue Cross Blue Shield Association requirements, government program-related requirements, and employer group requirements, and create a risk and controls mapping for improved oversight and identification of gaps.
- Keep abreast of Cybersecurity Governance program updates, emerging issues, latest strategies, etc.
- Provide other consultative services to executives and key management leaders that aligns with HMSA's efforts to implement improved risk management strategies as assigned.
- Other Duties/Functions
- Performs all other miscellaneous responsibilities and duties as assigned or directed.
- Maintain a comprehensive knowledge of risk management activities, internal controls, NIST standards and guidance. Maintain requisite knowledge of cybersecurity risk management trends and updates by participating in appropriate professional organization trainings and seminars, as directed.
#LI-Hybrid
