
Sr. Manager/Chief Information Security Officer

POSITION SUMMARY

The Chief Information Security Officer (CISO) serves as the strategic process owner for all ongoing activities that protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. This position defines and provides strategic corporate direction that assures the organization’s customers that BCBSAZ is a secure company that intends to preserve the privacy and confidentiality of data and will remain their health insurance company.


ESSENTIAL FUNCTIONS


  • Serve as Chief Information Security Officer (CISO) and single point of contact for all IT strategic security issues. Serve as an expert advisor to Senior Management on information security issues

  • Responsible for ensuring that information systems comply with governmental security requirements such as those included in the Health Insurance Portability and Accountability Act (HIPAA)

  • Create and maintain the Security Operating model

  • Chair the Security Policy Council (SPC), with responsibility for establishing, implementing and improving business processes and procedures related to security

  • Serve as a member of the Information Security Steering Committee (ISCC), with responsibility for setting the Information Security strategy, vision and mission

  • Lead the Security Incident Response Team (SIRT), with responsibility for developing responses to security incidents, including impact analysis and recommendations for avoiding similar vulnerabilities

  • Develop and maintain corporate security policies, procedures and security controls

  • Constantly update the cyber security strategy to leverage new technology and threat information

  • Oversee identity and access management

  • Approve identity and access policies

  • Establish a schedule for and support internal IT departmental readiness audits

  • Work with Internal Audit to ensure that departments consider information security risks in both ongoing and planned operations

  • Create and enforce an information security training program

  • Participate in confidential system security related reviews for BCBSAZ Advantage leadership

  • Assist as necessary to investigate security breaches and pursue associated disciplinary and legal matters

  • Keep current on new developments in healthcare related industries and new technology in systems security and computer technology

  • Define the Information Security Strategy and Plan for the company in collaboration with the Chief Information Officer, Privacy Officer, and the Head of Enterprise Application Architecture

  • Create, change, maintain and decommission the security management framework

  • Ensure that disaster recovery and business continuity plans are in place and tested

  • Assist as necessary in both internal and external information security audits, assessments and evaluations

  • Plan and perform necessary information security due diligence on potential business partners, associates, or any other entity designated by Senior Management

  • Monitor security guidelines, such as HIPAA standards, to ensure Enterprise Architecture (EA) is in compliance with company and governmental policies/laws

  • Ensure Enterprise Architecture tracks warnings of new types of security threats and that systems are in place to guard against those threats

  • Perform periodic security audits and tests on existing systems and applications to ensure the security architectural framework is maintained

  • Train and oversee information security staff, contractors and vendors

  • Maintain CCISO certification annually

PHYSICAL DEMANDS/ENVIRONMENT FACTORS

  • OE – Typical Office Environment: (Accountant, Administrative Assistant, Consultant, Program Manager)

  • Requires extensive sitting with periodic standing and walking.

  • May be required to lift up to 20 pounds.

  • Requires significant use of personal computer, phone and general office equipment.

  • Needs adequate visual acuity, ability to grasp and handle objects.

  • Needs ability to communicate effectively through reading, writing, and speaking in person or on telephone.

  • May require off-site travel.

MINIMUM QUALIFICATIONS

Required Work Experience

  • 8 years of experience with system security

  • 5 years of experience with data processing and/or telecommunications

  • 5 years of project management experience

  • 3 years of management or supervisory experience

  • 2 years of Healthcare industry experience

Required Education

  • Bachelor’s degree in information technology, computer systems, or related field

Required Certifications

  • CCISO or equivalent Certification

  • HITRUST Certified CSF Practitioner (CCSFP) required within ninety days (90 days) from the hiring date if the incumbent does not have

REQUIRED JOB SKILLS AND COMPETENCIES

Required Job Skills

  • Intermediate skill in use of office equipment, including copiers, fax machines, scanner and telephones

  • Intermediate PC proficiency

  • Intermediate proficiency in spreadsheet, database and word processing software

  • Advanced knowledge of hardware, software, telecommunications, operating systems, and applications.

  • Knowledge of HIPAA security and privacy standards.

  • Knowledge of Microsoft, UNIX, and LINUX operating systems.

Required Professional Competencies

  • Ability to take appropriate risks, using available data.

  • Strong analytical skills to support independent and effective decisions.

  • Strong verbal and written communications skills and the ability to interact professionally with a diverse group of executives, managers, and subject matter experts.

  • Project management skills, with the ability to manage a team to coordinate all planning and implementation activities in system security and/or business continuity fields

  • Strong analytical problem solving and workflow management skills demonstrated in a variety of settings; ability to listen carefully to others’ ideas and points of view before deciding how to proceed

  • Excellent communication skills, including writing reports, letters and documents for internal/external publication and presenting to and facilitating groups of individuals

  • Ability to see the organization in terms of critical and highly interrelated work processes

Required Leadership Experience and Competencies

  • Ability to lead and communicate in a crisis situation

  • Ability to develop key working relationships needed to support strategic direction, both internally and external to the department and company

  • Ability to set an example for others in the IT organization by working well as a team member

  • Provide leadership, promote teamwork, meet objectives and exercise independent judgment

  • Experience leading and implementing projects and working collaboratively with other departments levels

  • Ability to prioritize tasks and work with multiple priorities, sometimes under limited time constraints.

PREFERRED QUALIFICATIONS

Preferred Certifications:
Certified Information Systems Security Practitioner (CISSP), Certified Information Security Administrator (CISA), Certified Information Security Manager (CISM), NSA Information Assessment Methodology (NSA-IAM), CompTIA Security+ (S+), Certified Computer Forensic Specialist (CCFS), Certified Business Continuity Professional (CBCP)
