Managing Director, Information Security Risk and Resilience

The hiring range for this role is:  

$180,000.00 - $220,000.00

This is the lowest to highest salary we, in good faith, believe we would pay for this role at the time of this posting.  We may ultimately pay more or less than the hiring range andthis hiringrange may also be modified in the future. A candidate’s position within the hiring range may be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs. This job is also eligible for annual bonusincentivepay.

We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching, lifestyle spending account and many other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

Job Description Summary:

This role will lead the overall cyber risk management and business resiliency program for BCBSA. These capabilities underpin our focus on ensuring and maintaining constant vigilance and management of cyber risk impact to our assets, teammates, and those we serve. This role is responsible for identifying, assessing, and managing information security risks, ensuring robust resiliency planning and executing resiliency drills to maintain continuous awareness and the ability to withstand business operations resulting from cyber events.

Responsibilities include but are not limited to:

Primary Job Functions:

• Leadership and Strategy: Develop, implement, and execute a comprehensive information security risk management and resilience strategy for the organization by serving as a thought leader and partner to ensure effective performance of security risks and resilience initiatives.
• Risk Identification and Management: Identify, assess, and prioritize information security risks. Develop and implement risk mitigation strategies and controls to protect the organization's information assets and processes. Produce meaningful reports and metrics that enable effective awareness and management to desired risk levels.
• Compliance Assessments: Responsible for ensuring compliance with relevant information security standards and regulations, including SOC, NIST Cybersecurity Framework, and ISO standards. Maintain clear and effective policies and procedures to address identified gaps and ensure continuous compliance.
• Resilience Planning: Enhance the organization's resilience to handle disruptions to key systems and enabling processes. Develop and implement business resiliency practices, playbooks, alternatives, and rehearsal exercises that maintain critical business processes to achieve a minimally viable company level of operations. Maintain effective disaster recovery and business continuity processes that support effective resiliency practices.
• Collaboration and Communication: Work closely with other departments, including business stakeholders, legal, compliance, HR, and information technology, to ensure a coordinated approach to designing and achieving resiliency outcomes. Achieve successful results by building collaborative relationships with key business partners.
• Continuous Improvement: Stay updated with the latest security trends, technologies, and best practices. Continuously improve the organization's security posture by implementing new technologies and processes for efficiency and to deliver operational excellence.

Required Education, Experience and Certification:

Education:

• Required: Bachelor's degree in Information Security, Computer Science, or equivalent work experience.

Required Experience:

• 10 years of experience in information security, with a focus on risk management and resilience program development.
• Experience in developing and implementing information security risk and resilience strategies.

Certification:

• Preferred: CISSP, CISM, CBCP, or CRISC

Knowledge, Skills, and Abilities:

• Excellent leadership skills with the ability to effectively influence and inspire others towards a shared vision/goal.
• Strong collaboration, people management and coaching skills.
• Ability to effectively communicate and build productive work relationships
• Strong knowledge of information security frameworks, standards, and regulations (e.g., NIST, ISO 27001, GDPR, SOC 2).

#LI_HYBRID