Vice President , Chief Information Security Officer
- Recruiter
- Blue Cross and Blue Shield of Massachusetts Inc.
- Location
- Boston
- Salary
- Competitive
- Posted
- 30 Sep 2024
- Closes
- 28 Oct 2024
- Job Type
- Information Security
- Employer Sector
- Technology, IT & Telecoms
- Contract Type
- Permanent
- Hours
- Full Time
Ready to help us transform healthcare? Bring your true colors to blue.
The Role
Reporting to the Chief Information Officer and SVP of Enterprise Technology, the Chief Information Security Officer (CISO) will be responsible for strategic oversight and management of our enterprise–wide corporate security program, as well as leadership oversight of a direct staff and external vendors. The leader will drive and champion BCBSMA's cyber and data security vision, strategy, and information security program that aligns with business goals and industry best practices by conducting thorough research and assessment of information security requirements. The leader will have a deep understanding of the evolving landscape of security and technology and will collaborate directly with the senior management team and key business stakeholders (audit & risk, legal, compliance, operations, IT) to manage and resolve security incidents, and plan and implement information security projects to meet key business objectives across the organization. The ideal candidate will establish, lead and uphold robust information security policies, standards and procedures, ensuring organizational adherence while also establishing stringent security requirements and mitigating security risks associated with third–party vendors for compliance with these standards.
Experience, Track Record and Sector Knowledge:
- A deep and well–rounded information and cyber security background with proven ability to develop and articulate a long–term vision for the organization's cyber security strategy.
- Proven track record of developing and implementing secure processes and systems used to prevent, detect, mitigate, and recover from cyberattacks with strong exposure to firewalls, encryption, and other technology–based safeguards.
- Strong security architecture background with experience building and driving a cybersecurity strategy and framework, with initiatives to secure the organization's cyber and technology assets.
- Effectively led incident response efforts in the event of a cybersecurity breach or incident, including coordinating with internal teams and external stakeholders to mitigate the impact and ensure timely resolution and communication.
- Evaluating the security posture of third–party vendors and partners and ensure that appropriate security measures are in place to protect shared data and resources.
- Deep credibility in developing and delivering security awareness programs and training initiatives to educate employees and stakeholders on cybersecurity best practices and procedures.
- Ability to negotiate and manage external relationships with contracting firms, application developers, third–party vendors.
- Demonstrated ability to lead complex projects involving multiple organization units, systems and/or technical components.
- Experience evaluating and adopting cutting–edge security technologies and tools into the enterprise with seamless integration of security measures throughout the development lifecycle.
- Experience within healthcare and familiarity with the health care/managed care data model is a plus.
Key Competencies:
- Influencing collaboratively: Exceptional ability to convey security concepts to both technical and non–technical stakeholders (including executives and board members) and able to influence and advocate for necessary security measures.
- Leading teams: Strong track record of leading, managing, and inspiring the security team, including recruiting, developing, and retaining top talent.
- Shaping strategy: Ability to be innovative and approach issues with a strategic mindset to provide thoughtful evaluations and recommendations on security risks as they relate to project objectives, facilitating resolution in cases of conflict.
- Market insights: Deep understanding of evolving cybersecurity threats, events, and market dynamics across business ecosystems to evaluate potential impacts and prioritize strategic focus areas.
- Results orientation: Driving execution for results by thoughtfully orchestrating organizational resources to continually drive for superior impact and business results with high adaptability in a changing environment.
Personal Characteristics:
- Deep commitment to lead a pervasive culture of security consciousness with purposeful intent that aligns with BCBSMA's mission and values.
- Establish a culture of high performance, productivity, creativity, and innovation.
- Provide strong leadership to the various team members through mentoring, career development, interpersonal skills, teamwork ethic, and enabling leadership skills.
- Exhibits effective team leadership and collaboration skills, with the ability to work effectively with others through conflicting pressures and priorities while resolving complex issues.
Education & Qualifications:
- BA or BS degree in technology, related field, or requisite experience; master's degree and/or additional security certifications preferred.
- Minimum 10+ years' experience in area of Information Security and IT roles.
- Information Security Industry Certifications preferred (CISSP strongly preferred) Audit certification (CISA or equivalent, CISM strongly preferred).
- Proficiency in Cyber security tools, especially endpoint solutions, intrusion prevention systems and data loss prevention systems.
- Strong understanding of information security principles, practices, and technologies, including network security, application security, cloud security and endpoint security.
- Superior written and verbal communication skills to engage with partners and with external information security and privacy professionals.
- Working knowledge of HIPAA, NIST, ISO 27002 & 27799, COBIT, ITIL and Information Security Best Practices.
- Familiar with industry–specific regulations and standards (HIPAA preferred) to ensure organizational compliance.
Blue Cross Blue Shield of Massachusetts is an Equal Opportunity Employer/Affirmative Action Employer. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, veteran status, disability, sexual orientation, or any characteristics protected by law.
Minimum Education Requirements:High school degree or equivalent required unless otherwise noted above.
LocationBoston
Time TypeFull time
Salary Range: $292,500.00 – $357,500.00
This job is also eligible for variable pay.
We offer a comprehensive package of benefits including paid time off, medical/dental/vision insurance, 401(k), and a suite of well–being benefits to eligible employees.
WHY Blue Cross Blue Shield of MA?
We understand that the confidence gap and imposter syndrome can prevent amazing candidates coming our way, so please don't hesitate to apply. We'd love to hear from you. You might be just what we need for this role or possibly another one at Blue Cross Blue Shield of MA. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be brilliant. We encourage you to bring us your true colors, your perspectives, and your experiences. It's in our differences that we will remain relentless in our pursuit to transform healthcare for ALL.
At Blue Cross Blue Shield of Massachusetts, we believe in wellness and that work/life balance is a key part of associate wellbeing. For more information on how we work and support that work/life balance visit our "How We Work" page.