Description

Lead the creation and deployment of defined and structured processes to support evolving and maintaining the cyber risk management program. Work across the BCBSA organization to align cyber risk management with the organization's goals and outcomes. Utilize both analytical and qualitative assessment approaches to identify, assess, and develop appropriate mitigation plans and strategies. Apply experience to effectively manage cyber risk at technical and non-technical levels to help the organization understand where and how to maintain target business risk tolerance. Support IT and information security leadership in making risk informed decisions and shaping the future direction of BCBSA's cybersecurity program. Assess internal and third-party supplier risks, realistically translate them for both technical and non-technical audiences, and clearly articulate recommended actions and organizational impact.

Responsible for providing Cyber Risk leadership and subject matter expertise on all assigned projects. Responsible for identifying day-to-day task assignments and providing technology and project management guidance on deliverables. Validates and ensures Cyber Risk requirements are thorough, testable, detailed, concise and traceable. Accountable for project deliverables, estimates, project team-structures, technical artifacts, and engagement of all project stakeholders. Responsible for project planning, budget approvals, estimation and management for all project deliverables, collaborates with Service Delivery managers as appropriate. Proficient in implementing cyber risk processes, leads teams to attain goals, pursue excellence and establish discipline specific best-practices. Responsible for driving all project decisions, strong ability to make timely decisions and establish project governance. Collaborates with other team-members, peers and builds trust, exhibits sense of urgency, biased for action and possesses good follow-up skills. Customer focused with ability to persuade and drive consensus to resolve conflict and facilitate timely decision making. Reviews and approves team progress reports, expenses, invoices and contracts in a thorough and timely manner. Reviews the status reports of team members and addresses issues as appropriate. Complies with and helps to enforce standard policies and procedures. Provides and seeks timely feedback to IT partners, peers and team-members. Provides leadership as a product champion for cyber risk in the Governance, Risk and Compliance technology platform and Cyber Risk direction to business by establishing a vision and risk strategy to meet established project goals and objectives, while focused on continuous improvement. Provides project team(s) business/technical leadership and guidance on day to day tasks. Responsible for driving change for implementing process improvements and ensuring long term compliance. Leads the creation and maintenance of methodologies and processes for the department. Expected to lead multiple, simultaneous projects and time-critical deliverables. Lead and manage a team with the aim of driving effective performance management, fostering professional growth, and creating a positive and inclusive work environment. This role is dedicated to utilizing strong leadership and communication skills to motivate and inspire team members, ensuring they are aligned with and committed to achieving the organization's goals. Maintains a formal risk register that drives security, governance and ensures security findings are aligned with business objectives. Responsible for maintaining positive working relationships with all groups, cross-functional teams, including technical. Identifies opportunities/needs and works with team-leads and other directors to enhance relationships and influence decisions outside of direct functional reporting structure. Provides budget forecasts and estimates for Cyber Risk activities on a continuous basis. Responsible for variance analysis and justifications and following the established BCBSA processes/procedures. Responsible for providing status updates to Senior/Executive management. Responsible for escalating risks/issues with customer issues appropriately and in a timely manner. Ensures design, development, testing and investigative activities lead to appropriate resolution. Effectively and tactfully communicates relevant and potentially difficult/sensitive information to senior management. Responsible for engaging, understanding and effectively communicating needs of business to IT teams/partners Resolves and/or escalates issues, proposes alternatives, and sets or manages expectations in a timely fashion. Responsible for leading and managing delivery on multiple projects and responsible for all project related resource management, task-prioritization and development. Frequent Plan interactions via System Advisory Group or project communications to ensure business solutions meet Plan needs and implementation/budget concerns are understood. Frequent project participation/collaboration to ensure technical solutions meet business needs.

The posting range for this position is:
$144,110.00-$207,288.75

Qualifications:

Education

• Required Bachelor's Degree IT, information Security, Risk or IT Management, Computer Science, or a related field; or equivalent work experience

Experience

• Required 10+ Years career experience in IT or a closely related field

Knowledge Skills and Abilities

• Knowledge of national and international regulatory and compliance frameworks such as NIST Cybersecurity Framework, ISO 27001, EU DPD, HIPAA/HITECH.
• Extensive knowledge in the use of Project Management methodologies and tools, and change management techniques. Demonstrated leadership, mentoring, and project management skills.
• Understanding of current application cyber risk development methodologies and risks, researching emerging technologies and possible application to the business.

The posted salary range is the lowest to highest salary we , in good faith , believe we would pay for this role at the time of this posting . We may ultimately pay more or less than the hiring range and t his hiring range may also be modified in the future. A candidate's position within the hiring range may be based on several factors including, but not limited to, specific competencies, relevant education, qualifications, certifications, relevant experience, skills, seniority, performance, shift, travel requirements, and business or organizational needs. This job is also eligible for annual bonus incentive pay.

We offer a comprehensive package of benefits including paid time off, 11 holidays, medical/dental/vision insurance, generous 401(k) matching , lifestyle spending account and m any other benefits to eligible employees.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, or any other form of compensation that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company's sole discretion, consistent with the law.