Address
Form of workSummary:
The Director of Information Security Architecture& Business Enablement works alongside the CISO and CTO to coordinate the development and implementation of the Information Security, governance and risk strategy and vision. This role provides a tactical and operational role for managing day-to-day operations and enterprise IT enabled projects of the Information Security, Governance and Risk department. The Director is responsible for managing the technologies required to protect information assets processed by or stored in all information systems. This role oversees staff and provides overall leadership in the development of Information Security, governance and risk strategies, architectures, and risk management programs. This role works alongside the CISO and functions as the liaison between the ISGR department and other business areas inside and outside of the Analytics Data and Technology Division in the implementation of security policies, processes, technologies, and practices. This position evaluates risks and threats to systems and assets, implements security policies/controls to mitigate the company's exposure to the identified risks/threats. This role ensures alignment to our Corporate and Divisional Strategies as they relate to Information Security, governance, and risk, in support of developing the department strategic plan.
Essential Accountabilities:
• Provides input on Information Security, governance, and risk issues, with regard to strategy and direction, to all levels of the company.
• Manages the day-to-day operations of the Information Security, Governance and Risk department.
• Oversees the teams responsible for monitoring threats, internal systems for malicious activity, responding to incidents, conducting forensics/providing litigation support, managing user identity, user access, automatic syncing of passwords, delivering SSO capability, system security engineering and providing consulting services within the organization to ensure that security and compliance are incorporated into all systems, applications, and partnerships.
• Provides security leadership to the organization.
• Assists with overseeing the development and delivery of Information Security and services throughout the Health Plan.
• Conducts research on current and emerging technologies, as well as security exploitation techniques.
• Assists in directing the development and ongoing reporting of Information Security data such as access rights violations and unusual activity. Utilizes software or tools required to monitor and report security related violations, problems, or discrepancies.
• Helps lead cross-organizational efforts to formulate network security strategies.
• Provides Security Architecture and design alternatives for third party access utilizing security risk assessment and analysis techniques.
• Assists in formulating, implementing, and maintaining technical network security strategies and architectures.
• Interacts with the Networking, Engineering, IT Services, IT Infrastructure, Portfolio Management and Applications Development groups to ensure proper security and compliance is built in from the beginning.
• Consults with development, engineering and operations on the design, implementation and operation of new and existing systems relative to network security.
• Ensures key network security strategic initiatives are in conformance with industry and internal architectural goals.
• Other duties include facilitating strategy and planning between network security administrators, system security administrators and department security administrators.
• Participates in enterprise-wide computer security response team when significant network, Internet, or related security incidents occur.
• Manages the vulnerability analysis, monitoring, intrusion detection/incident response, secure application and host design, security assessments and security consulting.
• Assists in the development, implementation, and administration of Information Security standards, policies, procedures and guidelines to ensure security policies and standards are up-to-date, in terms of security trends and anticipated threats.
• Helps establish and maintain procedures in compliance with State and Federal regulations (including HIPAA/HITECH, GLBA, PCI/DSS, MAR/SOX, HCFA, etc.)
• Helps establish risk management policies, standards and guidelines.
• Assists in development and promotion of application development, infra-structure implementation, and network security policies and "best practices."
• Assists with the coordination of the security orientation and security awareness programs to ensure that there is an appropriate awareness of Information Security and safe computing practices across the enterprise.
• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
• Maintains knowledge of all relevant legislative and regulatory mandates and ensures that all activities are compliant with these requirements.
• Conducts periodic staff meetings to include timely distribution and education related to departmental and Ethics/Compliance information.
• Regular and reliable attendance is expected and required.
• Performs other functions as assigned by management.
Minimum Qualifications:
• Ten (10) years of engineering or information technology experience. Three (3) of which were in a defined leadership role, supervising or managing people or a team.
• Bachelor’s degree in computer science, information technology, engineering or related field. In lieu of a degree, six (6) years of experience required.
• Project management experience leading large, complex projects and the ability to manage multiple priorities.
• Professional certifications such as CISSP, CISA, CISM, etc. preferred.
• Planning and organizational skills. Excellent communication skills with the ability to present clear and concise information to all levels within the organization and technical abilities.
• Ability to document application security policies and procedures to effectively communicate security standards to all levels of management and staff.
• Basic knowledge of multi-platform operating systems, programming languages, databases and security structures, mainframe/client server platforms/ telecommunications/Internet/data center operations.
• Prior experience managing investigations of network security incidents.
• Basic knowledge of mainframe/midrange access control systems, NT/Internet security, firewalls encryption, and virus detection.
Physical Requirements:
• Ability to work prolonged periods sitting and/or standing at a workstation and working on a computer.
• Ability to work while sitting and/or standing at a workstation viewing a computer and using a keyboard, mouse and/or phone for three (3) or more hours at a time.
• Ability to travel across the Health Plan service region for meetings and/or trainings as needed.
• Ability to work in a home office for continuous periods of time for business continuity.
************
One Mission. One Vision. One I.D.E.A. One you.
Together we can create a better I.D.E.A. for our communities.
At the Lifetime Healthcare Companies, we’re on a mission to make our communities healthier, and we can’t do it without you. We know diversity helps fuel our mission and that’s why we approach our work from an I.D.E.A. mindset (Inclusion, Diversity, Equity, and Access). By activating our employees’ experiences, skills, and perspectives, we take action toward greater health equity.
We aspire to reflect the communities we live in and serve, and strongly encourage people of color, LGBTQ+ people, people with disabilities, veterans, and other underrepresented groups to apply.
OUR COMPANY CULTURE:
Employees are united by our Lifetime Way Values & Behaviors that include compassion, pride, excellence, innovation, and having fun! We aim to be an employer of choice by valuing workforce diversity, innovative thinking, employee development, and by offering competitive compensation and benefits.
In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.
Equal Opportunity Employer
