Point32Health
Point32Health, Oklahoma City, Oklahoma, United States
Director, Cyber and Information Security - Operational Resiliency & Crisis Management
Overview

Point32Health is a leading not-for-profit health and well-being organization dedicated to delivering high-quality, affordable healthcare. Serving nearly 2 million members, Point32Health builds on the legacy of Harvard Pilgrim Health Care and Tufts Health Plan to provide access to care and empower healthier lives for everyone. Our culture centers on a community of care and shared values that guide our behaviors and decisions. We value inclusion and equal healthcare access and outcomes for all backgrounds, and we strive to understand the communities we serve, live, and work in.

Job Summary

The focus area for this Director is to lead the organization's ability to respond effectively to and recover from events that interrupt Point32Health's business operations. The Director, Cyber & Information Security will lead a team responsible for:

- Developing and implementing a strategy and practices to prepare for events that may cause extended interruption of technology systems, applications, or business operations.
- Setting requirements and educating business and technology stakeholders about their roles in business continuity, disaster recovery, and incident/crisis management disciplines.
- Development, maintenance, and adoption of a single incident/crisis management framework across the organization for all hazard/threat types.
- Keeping business continuity and disaster recovery procedures/playbooks up to date.
- Leading tabletop and simulation exercises to ensure preparedness and identify opportunities for improvement.
- Anticipating the impact of core systems, applications, facilities, and vendor relationships being unavailable and implementing plans to reduce impact.

The Director will report to the Chief Information Security Officer (CISO) and will lead Cyber & Information Security managers and/or security leaders to ensure core programs are effectively implemented. This role is a senior IT leadership position and requires collaboration across the organization to identify and implement improvements.

Responsibilities

- Manage a team of managers/senior leaders overseeing the core pillars of Cyber & Information Security.
- Develop and implement policies, standards, and guidelines to increase program maturity.
- Communicate potential security concerns with recommended improvements.
- Lead collaboration with the business and IT to ensure quality solutions are delivered.
- Promote security awareness and embed security principles into the Point32Health culture through education and partnerships.
- Develop operational excellence for evolving threats and opportunities to improve cyber and information security.
- Identify business risk and communicate risk to leadership.
- Collaborate with stakeholders to implement technical and non-technical controls aligned with cyber risk objectives and legal/regulatory obligations.
- Maintain the risk repository to identify, prioritize, and mitigate cyber and information security risks.
- Participate in forums to understand the risk environment and provide recommendations balancing security with business impact.
- Facilitate adoption of leading security practices for regulatory compliance and continuous monitoring and improvement.
- Maintain knowledge of the cyber and information security industry, including new capabilities and threat trends.
- Identify/recommend tools, processes, software, and protocols to advance or replace current security practices to meet objectives.
- Other duties and projects as assigned.

Education, Certification And Licensure

- Bachelor’s degree in Cyber Security, Computer Science, Risk Management, or related field preferred or equivalent experience.

Experience (minimum years required)

- 10+ years combined IT, cyber/information security, risk, audit, or compliance with increasing responsibility.
- 5+ years in cybersecurity or related programs the role oversees.
- 5+ years in a leadership role, preferably with at least 2 years overseeing other managers.
- Experience in leading or sponsoring implementation of technical security solutions in large organizations.
- Experience developing and implementing process-based security controls, processes, and capabilities.
- Experience engaging with and managing vendors responsible for security programs or IT solutions.
- Experience creating and maintaining security requirements, guidelines, and procedures.
- Extensive knowledge of security and compliance frameworks such as NIST, ISO, etc.

Skills

- Ability to lead a team through mentoring and coaching, fostering growth at Point32Health.
- Ability to identify risk within complex programs and make objective, strategic recommendations.
- Strong communication across multiple organizational levels, including prioritization discussions.
- Relationship-building, collaboration, and a team-focused mindset.
- Ability to influence senior management and staff decisions.
- Deep understanding of IT infrastructure, program portfolio management, application design, and secure SDLC methodologies.

Working Conditions and Additional Requirements

- Hybrid work options; normal office and remote work as required.
- May require extended hours and use of telephone/headset while using a PC.

Disclaimer

The statements describe the general nature and level of work and are not exhaustive. Management may modify duties as needed.

Compensation & Total Rewards Overview

Colleagues are eligible for variable pay; compensation and benefits are at the Company's sole discretion. Point32Health offers a comprehensive total rewards package, including medical/dental/vision, retirement plans, paid time off, life and disability insurance, tuition program, well-being benefits, and career development support. For details, visit Point32Health's careers benefits page.

EEO and Scam Notice

All applicants are welcome and will be considered without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Scam Alert: Do not pay to apply. Contact TA_operations@point32health.org with concerns about legitimacy.

Seniority level: Not Applicable
Employment type: Full-time
Job function: General Business and Other
Industries: Insurance and Hospitals and Health Care