Responsible and accountable for IT Governance (Policy Management, Enterprise Security Framework, Data Governance), IT Risk (Risk Register, Vendor Security Assessments, Enterprise and Product Risk Assessments), and IT Compliance (Control Compliance, Regulatory Compliance, and Audits including NIST 800-53, NIST 800-171, SOC 1, SOC 2, SOX, and HITRUST). Serves as a leader and mentor within the Information Security organization and beyond, providing master-level expertise from various IT disciplines with a focus on information security. Champions teams and other business units to promote a secure organization through positive knowledge sharing, training, influence, and conduct.
- Accountable for the oversight and management of all elements of one or more functional areas within the office of the CISO, including supervision and mentorship of subordinates.
- Partner with Information Technology leaders to facilitate Governance, Risk and/or compliance of security controls with Magellan information systems regarding HIPAA, PCI, and other applicable regulatory and contractual requirements, ensuring effective operations of Magellan systems, networks, business partner agreements, and interconnections.
- Builds and maintains highly engaged teams. Leads teams to execute on strategy and to continuously improve service levels. Cascades strategy through teams and ensures teams are resourced to focus on work that drives strategy. Demonstrates and holds teams accountable for financial stewardship through the reduction of operational costs and improving throughput through self-service and automation. Ties performance to outcomes and strategy. Develops talent across the organization to ensure bench strength for key roles. Leads teams through change. Establishes and maintains a communication cadence for individual updates, teams, customers, and other teams as needed to drive engagement and outcomes.
- Partner with business and IT leaders in security methodology, ensuring new and existing business relationships adequately address information security risk through vendor management and assessment processes and procedures.
- Review RFPs and projects to ensure security standards are applied, prescribing appropriate protection configurations that balance business requirements with enterprise technology standards to arrive at the optimal solution.
- Support the development, implementation, monitoring, and evolution of effective and reasonable policies and practices to secure sensitive information and ensure security and compliance with contracts, regulatory requirements, and industry standards.
- Support the coordination and tracking of all information technology and security related audits, including the scope of business units involved, timelines, and outcomes. Provide guidance, evaluation, and advocacy throughout audit processes.
- Support the office of the CISO in establishing annual and long-term Information Security strategy and goals, defining security metrics and reporting mechanisms, and maintaining the Information Security maturity model.
- Support the design, development, and deployment of proactive security initiatives around information security GRC that contribute to an improved security posture for the organization.
- Develop and continuously refine overall GRC, including critical areas such as security and audit matters in addition to setting strategy.
- Participate in the strategic sourcing process for acquiring infrastructure security assets and infrastructure services, including selection, negotiation, and contract finalization.
Other Job Requirements
- 12+ years of experience in IT Business Operations with 4+ years leading and managing teams.
- Experience in health care, insurance or related field.
- Critical thinker.
- Demonstrated problem solving techniques.
- Strong verbal and written communication skills.
- Ability to coach and build skills within the team.
General Job Information
Senior Director Governance Risk Compliance - Remote
Grade
Bachelors: Computer and Information Science (Required)