Point32Health

Director, Cyber and Information Security - Operational Resiliency & Crisis Manag

Point32Health, Hartford, Connecticut, United States


Director, Cyber and Information Security - Operational Resiliency & Crisis Management

Who We Are

Point32Health is a leading not-for-profit health and well-being organization dedicated to delivering high-quality, affordable healthcare. Serving nearly 2 million members, Point32Health builds on the legacy of Harvard Pilgrim Health Care and Tufts Health Plan to provide access to care and empower healthier lives for everyone. Our culture revolves around being a community of care and having shared values that guide our behaviors and decisions. We’ve had a long-standing commitment to inclusion and equal healthcare access and outcomes, regardless of background; it’s at the core of who we are. We value the rich mix of backgrounds, perspectives, and experiences of all of our colleagues, which helps us to provide service with empathy and better understand and meet the needs of the communities where we serve, live, and work.

We enjoy the important work we do every day in service to our members, partners, colleagues and communities. Learn more about who we are at Point32Health.

Job Summary

The focus area for this Director will be leading the organization's ability to effectively respond to and recover from events that result in interruption of Point32Health's business operations. In this role, the Director Cyber & Information Security will be focused on leading a team responsible for:

Developing and implementing a strategy and practices that will ensure that the organization is prepared for events that may result in extended interruption of technology systems, applications, or business operations.

Setting requirements and providing education to business and technology stakeholders about their roles in supporting the organization's business continuity, disaster recovery, and incident/crisis management disciplines.

Development, maintenance, and adoption of a single incident/crisis management framework across the organization - all hazard/threat types.

Ensuring that the organization's business continuity and disaster recovery procedures/playbooks remain up-to-date.

Leading tabletop and simulation exercises to help ensure preparedness and to proactively identify and address opportunities for improvement.

Anticipate the impact of core systems, applications, facilities, and vendor relationships being unavailable and implement plans that will reduce the impact of those events.

Responsibilities

Manage a team of managers/senior leaders responsible for overseeing the core pillars of Cyber & Information Security

Develop and implement policies, standards, and guidelines that continuously increase the organization’s Cyber & Information Security program maturity

Communicate potential security concerns/exposures with recommended improvements

Lead communication and collaboration efforts with the business and IT to ensure quality solutions are delivered

Evangelize the objective to embed security behaviors and principles into the Point32Health culture through active engagement, education, awareness, and partnership

Develop operational excellence in anticipation and response to evolving threats and opportunities to improve cyber and information security

Identify business risk and communicate risk to appropriate leadership

Collaborate with stakeholders to define and implement technical and non-technical controls designed to meet cyber risk objectives and legal/regulatory obligations.

Maintain the risk repository to continually identify, prioritize, and mitigate cyber and information security related risk issues

Participate in various forums and groups across Point32Health to understand the risk environment and to provide recommendations that effectively incorporate security objectives while balancing the business impact of recommendations provided

Facilitate adoption of leading security practices to remain in compliance with regulations and to support continuous monitoring and improvement goals

Maintain up-to-date knowledge of the cyber and information security industry, including awareness of new or revised security capabilities, improved security processes, threat scenarios, trends, etc.

Identify/recommend tools, processes, software, and protocols to advance or replace current security practices, services, or technologies to meet strategic objectives.

Other duties and projects as assigned.

Education, Certification And Licensure

Bachelor’s degree in Cyber Security, Computer Science, Risk Management, or related field preferred or equivalent experience

Experience (minimum Years Required)

10+ years combined IT, cyber/information security, risk, audit, compliance, with increasing responsibility

5+ years in cybersecurity or field(s) related to the programs for which the role is responsible

5+ years in a leadership role, preferably with at least 2 of those years overseeing other managers

Experience in leading or sponsoring implementation of technical security solutions within large organizations

Experience developing and implementing process-based security controls, processes, and capabilities

Experience in engaging with and managing vendors responsible for implementing processes and/or IT solutions

Experience creating and maintaining security requirements, guidelines, and procedure documents

Extensive knowledge and experience in security and compliance frameworks such as NIST, ISO, etc.

Skill Requirements

Ability to lead a team, including managers, through mentoring, coaching, and motivating

Ability to identify risk within complex, interrelated programs; ability to assess dynamic situations objectively; and to make recommendations or decisions that best align with the corporate strategic objectives

Ability to communicate effectively across multiple levels of the organization including managing through cross-business area or business unit prioritization discussions

Strong relationship building skills; must be able to work collaboratively and cooperatively as a team member, fostering an atmosphere of trust and respect

Ability to influence all levels of staff and senior management in the decision-making process

Deep understanding of IT infrastructure, program portfolio management, application design, and secure software development lifecycle (SDLC) methodologies

Working Conditions and Additional Requirements

Must be able to work under normal office conditions and work from home as required.

Work may require simultaneous use of a telephone/headset and PC/keyboard and sitting for extended durations.

May be required to work additional hours beyond standard work schedule.

Disclaimer

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Management retains the discretion to add to or change the duties of the position at any time.

Compensation & Total Rewards Overview

As part of our comprehensive total rewards program, colleagues are also eligible for variable pay. Eligibility for any bonus, commission, benefits, or any other form of compensation and benefits remains in the Company’s sole discretion and may be modified at the Company’s sole discretion, consistent with the law.

Medical, dental and vision coverage

Retirement plans

Paid time off

Employer-paid life and disability insurance with additional buy-up coverage options

Tuition program

Well-being benefits

Full suite of benefits to support career development, individual & family health, and financial health

For more details on our total rewards programs, visit https://www.point32health.org/careers/benefits/

We welcome all

All applicants are welcome and will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

Scam Alert: Point32Health has recently become aware of job posting scams where unauthorized individuals posing as Point32Health recruiters have placed job advertisements and reached out to potential candidates. These advertisements or individuals may ask the applicant to make a payment. Point32Health would never ask an applicant to make a payment related to a job application or job offer, or to pay for workplace equipment. If you have any concerns about the legitimacy of a job posting or recruiting contact, you may contact TA_operations@point32health.org

Seniority level: Not Applicable

Employment type: Full-time

Job function: General Business and Other

Industries: Insurance and Hospitals and Health Care
