Vp & Chief Risk Officer

Schedule: Hybrid or Remote
Compensation: $230,000 - $290,000
Jump into the new world of health insurance:

At Blue Cross & Blue Shield of Rhode Island (BCBSRI), our business is healthcare. But our focus is on improving lives. Be part of a team that is large enough to make a difference but small enough to be innovative. Work in a rapidly changing field. Take a chance to be creative. Move outside the status quo. Shape new ideas with the power of a national brand behind you.
 

Join others who know diversity is strength:

We appreciate and celebrate everything that makes us unique: age, national origin, citizenship status, perspectives, experiences, physical or mental disability, military status, race, ethnicity, religion, gender, sexual orientation, gender identity and/or expression. Our diversity strengthens us as an organization and helps us better serve an increasingly diverse Rhode Island population.
 

Why this job matters:

Provide strategic direction for and oversight of the organization's information security, privacy, business continuity, and enterprise risk management (ERM) functions including all activities related to the development, maintenance, and adherence to policies and procedures.  Ensure all functions are aligned with the company's business strategy and objectives. Oversee the implementation of administrative and technical controls in order to maintain the privacy, security, integrity, and availability of data and information systems.  Ensure compliance with state and federal laws and regulations related to privacy, information security, and ERM.

What you will do:

• Serve as organization's Chief Risk & Privacy Officer. Provide strategic direction for and oversight of information security, business continuity, privacy, and ERM programs.  Oversee staff responsible for programs, responsibilities include setting goals, evaluating and conducting performance reviews, as well as supporting employee development. Manage department budget.
• Ensure organization has a comprehensive ERM framework which is familiar to and utilized by leadership of the organization. Collaborate with leadership to determine top risks and ensure actions are documented to mitigate risk. Distribute reports of top risks to leadership and Board of Directors, as appropriate.
• Provide council and solutions to the CEO, Board of Directors, Executive Leadership and all levels of the organization on federal and state privacy and security rules, policies, and regulations and actions necessary to ensure the security and privacy of confidential information. 

• Monitor state and federal laws and regulations relevant to areas of responsibility to identify corporate obligations. Ensure effective and timely communication of compliance standards and procedures to all associates and stakeholders, through security and privacy training programs and publications.
• Develop and execute on the information security, privacy, business continuity and ERM strategic plan. Create, monitor and act upon critical and proactive security, and privacy and risk measures to ensure optimal protection.
• Develop and maintain critical relationships internal and external to organization to remain informed and ahead of crucial trends in the market.
• Oversee the work of assigned organization's programs including directing the implementation and administration of the company's information security, business continuity, privacy and ERM functions. Conduct an annual review of program strategies to identify risks and opportunities, gaps, and reasonable controls to be implemented.
• Oversee development, maintenance, administration, and compliance with the company's information security, privacy and ERM programs including policies, standards and procedures as well as development of mechanisms to oversee the application of policies in coordination with the organization's senior leadership.
• Direct the development of corporate emergency response procedures; oversee distribution and update of emergency procedures to reflect changes in staff size, location, organization, and office facilities. Direct risk analysis for corporate functional areas to identify points of vulnerability and recommend avoidance and reduction strategies.
• Serve as a member of the company's AI Governance Committee and provide guidance on risks related to information security and privacy in use case evaluation. Monitor and disseminate as appropriate regulatory and oversight body requirements related to AI use and governance. 
• Oversee company's compliance with Security and Incident Response portions of the Association's Inter Plan Program Policies and Provisions.
• Participate in reviews of audit reports. 
• Perform other duties as assigned.

What you need to succeed:

• A combination of education and related experience
• Fifteen or more years of information security and privacy experience
• Ten or more years management experience or experience leading a team.
• Strong knowledge of information security domains and industry best practices, specifically NIST CSF
• Knowledge of HIPAA privacy and security rules and regulations
• Knowledge of audit requirements and procedures
• Ability to collaborate while dealing with complex situations.
• Ability to think creatively and to drive innovation.
• Ability to influence up and across the organization.
• Ability to motivate, lead and inspire a diverse group to a common goal/solution with multiple stakeholders.
• Ability to convert business strategy into action-oriented objectives and measurable results.
• Ability to develop and manage a budget.
• Strong negotiating, influencing, and consensus-building skills.
• Ability to mentor, coach and provide guidance to others.

The Extras:

• Certified Information Privacy Manager (CIPM) or Certified Information Security Manager (CISM) designation
• Three or more years of experience managing security and risk in a cloud environment.
• Experience in the health insurance industry

Location:

BCBSRI is headquartered in downtown Providence, conveniently located near the train station and bus terminal. We actively support associate well-being and work/life balance and offer the following schedules, based on role:

• In-office: onsite 5 days per week
• Hybrid: onsite 2-4 days per week
• Remote: onsite 0-1 days per week. Permitted to reside in the following states, pending approval from the Human Resources Department: Arizona, Connecticut, Florida, Georgia, Louisiana, Massachusetts, North Carolina, Oklahoma, Rhode Island, South Carolina, Texas, Virginia