Resp & Qualifications

PURPOSE:
This function operates as a business line Security Officer within the broader CareFirst organization. The function establishes and executes a cybersecurity strategy to enable the business while ensuring the confidentiality, integrity, and availability of the company's information assets and related technology from cyber threats. The function must proactively work with all key stakeholders to develop a security roadmap with supporting principles, practices, and controls to enable the business vision while ensuring the protection of the technical environment. It is accountable for ensuring compliance and the successful assessment of compliance against all cybersecurity aspects of applicable regulations and contracts and must be able to represent the security program and state of security across a wide range of stakeholders including, but not limited to, the workforce, customers, auditors, regulators, executive management, and the board.

This function is also responsible for leading the business lines Audit, Risk, & Compliance team. The function is responsible for identifying and mitigating risks; managing controls and safeguards to minimize the impact of potential and existing risks affecting the organization; providing governance over operational risk assessments; ensuring compliance with laws, regulations, and organization frameworks; providing a mechanism for capturing the dynamic nature of risks; and overseeing internal/external audits and effectuating remediation of issues identified.

ESSENTIAL FUNCTIONS:

Manage the ongoing compliance, assessment, and maturity of the cybersecurity program against relevant security frameworks (e.g., NIST, HiTRUST, PCI, etc.), contracts, and regulations. Conduct/support assessments/audits by producing evidence of the security posture successfully meeting audit/assessment/maturity targets. Where gaps exist, identify, and execute remediation/continuous improvement plans.
Proactively communicate with internal and external stakeholders on importance of cybersecurity, their role in securing the company, and relevant risks. Ensure that the workforce and extended partners have the appropriate training, education, awareness, and tools to securely perform their functions and understand the necessity of the relevant controls.
Oversee the risk framework, including identifying risks, evaluating frequency, severity, and mitigation strategies. Define, measure, and monitor risks and related risk metrics impactful to the business and their associated mitigation, acceptance, transference, and avoidance. Establish risk appetite for the business ensure risk decisions, including alignment of strategic goals and objectives, are executed in consideration of the impact on the business risk profile and appetite.
Oversee internal and external audits to ensure they are completed in a timely manner and identified issues are remediated to satisfy audit closeout as well as for long term business success.
Oversee the development and implementation of sound business practices to ensure compliance with policies, contractual requirements, and regulatory, federal, and state laws and mandates.
Oversees the strategic and the day-to-day activities of the functions, including directing, coaching, and guiding associates to implement departmental, divisional, and organizational mission/goals. Recruits, retains, and develops a high performing team. Evaluates performance of each team member, generates development plans and sets goals within the context of the corporate policies and procedures. Develops annual goals, and prepares, monitors, and analyzes variances of departmental budgets to control and appropriately allocate resources.

SUPERVISORY RESPONSIBILITY:
This position manages people.

QUALIFICATIONS:

Education Level: Bachelor's Degree in Computer Science, Information Technology, or related field OR in lieu of a Bachelor's degree, an additional 4 years of relevant work experience is required in addition to the required work experience.

Experience:

8 years Related professional experience.
3 years Management experience.

Preferred Qualifications:

Master's degree

Knowledge, Skills and Abilities (KSAs)

Ability to multitask and manage multiple IT vendor relationships.
Ability to lead and work as part of a team.
Ability to execute technology and tool automation processes.
Deep knowledge of risk treatment and mitigation strategies.
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity.
Thorough understanding of cyber threats and vulnerabilities.
Must be able to meet established deadlines and handle multiple customer service demands from internal and external customers, within set expectations for service excellence. Must be able to effectively communicate and provide positive customer service to every internal and external customer, including customers who may be demanding or otherwise challenging.

Salary Range: $161,280 - $299,376
Salary Range Disclaimer

The disclosed range estimate has not been adjusted for the applicable geographic differential associated with the location at which the work is being performed. This compensation range is specific and considers factors such as (but not limited to) the scope and responsibilites of the position, the candidate's work experience, education/training, internal peer equity, and market and business consideration. It is not typical for an individual to be hired at the top of the range, as compensation decisions depend on each case's facts and circumstances, including but not limited to experience, internal equity, and location. In addition to your compensation, CareFirst offers a comprehensive benefits package, various incentive programs/plans, and 401k contribution programs/plans (all benefits/incentives are subject to eligibility requirements).
Department

CISO - Cybersecurity
Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
Where To Apply

Please visit our website to apply: www.carefirst.com/careers
Federal Disc/Physical Demand

Note: The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.
PHYSICAL DEMANDS:
The associate is primarily seated while performing the duties of the position. Occasional walking or standing is required. The hands are regularly used to write, type, key and handle or feel small controls and objects. The associate must frequently talk and hear. Weights up to 25 pounds are occasionally lifted.
Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
#LI-KT1