Blue Cross Blue Shield Association
Senior Cybersecurity Risk Lead Consultant
Blue Cross Blue Shield Association, Washington, District of Columbia, US, 20022
Responsibilities
Lead the creation and deployment of defined and structured processes to support evolving and maintaining the cyber risk management program. Work across the BCBSA organization to align cyber risk management with the organization's goals and outcomes. Utilize both analytical and qualitative assessment approaches to identify, assess, and develop appropriate mitigation plans and strategies. Apply experience to effectively manage cyber risk at technical and non‑technical levels to help the organization understand where and how to maintain target business risk tolerance. Support IT and information security leadership in making risk informed decisions and shaping the future direction of BCBSA's cybersecurity program. Assess internal and third‑party supplier risks, realistically translate them for both technical and non‑technical audiences, and clearly articulate recommended actions and organizational impact.
Responsible for providing Cyber Risk leadership and subject matter expertise on all assigned projects. Identify day‑to‑day task assignments and provide technology and project management guidance on deliverables. Validate and ensure Cyber Risk requirements are thorough, testable, detailed, concise, and traceable. Accountable for project deliverables, estimates, team structures, technical artifacts, and engagement of all project stakeholders.
Responsible for project planning, budget approvals, estimation, and management for all project deliverables, collaborating with Service Delivery managers as appropriate. Proficient in implementing cyber risk processes, leading teams to attain goals, pursue excellence, and establish best‑practice discipline. Drive all project decisions, make timely decisions, and establish governance. Collaborate with team members and peers, build trust, exhibit a sense of urgency and a bias for action, and possess follow‑up skills.
Reviews and approves team progress reports, expenses, invoices and contracts in a thorough and timely manner. Reviews status reports of team members and addresses issues as appropriate. Complies with and enforces standard policies and procedures. Provides and seeks timely feedback to IT partners, peers and team members.
Provides leadership as a product champion for cyber risk in the Governance, Risk and Compliance technology platform and directs cyber risk strategy to business by establishing vision and risk strategy to meet project goals, focusing on continuous improvement. Guide project teams day‑to‑day. Drive changes for process improvements, ensure long‑term compliance. Lead creation and maintenance of methodologies and processes for the department. Lead multiple simultaneous projects with time‑critical deliverables.
Lead and manage a team focused on performance management, professional growth, and an inclusive environment. Motivate and inspire team members, ensuring alignment with organization goals.
Maintain a formal risk register that drives security governance and ensures findings align with business objectives.
Maintain positive working relationships with all groups, cross‑functional teams, and technical leads. Identify opportunities and work with directors to enhance relationships and influence outside of direct reporting structure.
Provide budget forecasts and estimates for Cyber Risk activities. Responsible for variance analysis and justifications following established BCBSA processes.
Provide status updates to Senior/Executive management. Escalate risks/issues with customers appropriately and in a timely manner. Ensure design, development, testing, and investigative activities lead to resolution.
Communicate relevant and potentially sensitive information to senior management tactfully.
Engage, understand, and communicate business needs to IT teams/partners. Resolve and/or escalate issues, propose alternatives, and set/manage expectations in a timely manner.
Lead and manage delivery on multiple projects, with responsibility for all project‑related resource management, task‑prioritization, and development. Frequent plan interactions via System Advisory Group to ensure solutions meet Plan needs and implementation/budget concerns are understood.
Qualifications
Education: Bachelor’s Degree in IT, information security, risk, IT management, computer science, or related field; or equivalent experience.
Experience: 10+ years career experience in IT or closely related field.
Knowledge, Skills, and Abilities: Knowledge of national and international regulatory frameworks such as NIST Cybersecurity Framework, ISO 27001, EU DPD, HIPAA/HITECH. Extensive knowledge of project management methodologies, tools, and change management techniques. Leadership, mentoring, and project management skills. Understanding of cyber risk development methodologies and emerging technologies.
Compensation and Benefits
The posting range for this position is $144,110.00–$207,288.75. The salary range is the lowest to highest salary we believe we would pay for this role at the time of this posting. The range may be modified in the future. Candidate’s position within the hiring range may be based on competencies, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business needs. This job is also eligible for annual bonus incentive pay. We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching, lifestyle spending account and any other benefits to eligible employees. No amount of pay is considered wages or compensation until earned, vested, and determinable. The amount and availability of any bonus, commission, or other form of compensation is at the Company's discretion until paid and may be modified at the Company's discretion consistent with the law.