Business Info Security Officer
The Business Information Security Officer (BISO) will interface with stakeholders at various levels across the enterprise to ensure that the enterprise-wide vision, strategy, architecture, policies and programs set forth by the Chief Information Security Officer are correctly implemented in the supported business unit. The BISO will also maintain an understanding of the challenges facing healthcare; ensure that information technology (IT) systems are secure and that security and business continuity risk/reward decisions are balanced; and comply with external regulatory and legislative requirements. The incumbent will support an information privacy and security-conscious culture within the business unit. Support information security initiatives, monitoring and auditing of compliance with regulatory and internal standards, including investigations related to policy violations, security breaches and computer crimes. Collaborate with matrix model leaders to ensure the strategic vision includes appropriate customer security requirements, and reassure customers and accounts that security is a top priority for Horizon BCBSNJ. Be an advocate for security and privacy at all relevant business unit meetings and functions.
* Embed as part of the business to ensure information risks are identified, assessed, mitigated and controlled through the deployment of a sustainable information security risk management program.
* Develop and maintain a deep understanding of the business in order to have specialized information security risk-based discussions.
* Work with the business and enterprise security to recommend changes, enhancements or additions to the security controls of business applications that will enhance the Information Security profile of the organization's processes.
* Advocate for business unit requirements in all matters related to cybersecurity risk.
* Advise business unit senior management on risk levels and security posture, as well as on cost/benefit analysis of information security programs, policies, processes, systems, and elements directly impacting their division or enterprise.
* Counsel appropriate business unit senior leadership on changes affecting the organization's cybersecurity posture, and communicate the value of information and cyber security to stakeholders at all levels of the organization.
* Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.
* Collaborate with matrix model leadership to develop strategic objectives for the company.
* Proactively monitor the regulatory environment for emerging requirements that will affect the information security program and initiatives.
* Direct the coordination of changes in business, technology, and threat environments and develop strategies for addressing new risks to systems and information.
* Facilitate the business unit's vendor relationships and ensure that appropriate contract provisions are in place for timely updates to address emerging vulnerabilities.
* Facilitate the implementation of controls to protect the infrastructure from intrusion and from damage caused by malware and other threats.
* Coordinate the execution of an incident management process with business unit stakeholders that ensures timely detection, containment, and eradication of threats; recovery from resulting damage; and corrective action to minimize the risk of future incidents.
* Facilitate the business unit's participation in audit and regulatory examinations and direct initiatives to address findings and meet commitments.
* Consult with IT to ensure that security is factored into the evaluation, selection, installation and configuration of relevant business unit hardware, applications and software.
* Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).
* Skill to use critical thinking to analyze organizational patterns and relationships.
* Deep information security management and broad technical security knowledge.
* Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives; particularly HIPAA, NIST, and HITRUST.
* Ability to relate strategy, business, and technology in the context of organizational dynamics.
* Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
Subject matter expert in:
* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
* Knowledge of cybersecurity principles.
* Knowledge of cyber threats and vulnerabilities.
* Knowledge of specific operational impacts of cybersecurity lapses.
* Bachelor's degree in a technical discipline or business management discipline required; a degree in Computer Science, Computer Engineering or Information Technology is preferred.
* Master's Degree in Computer Science, Computer Engineering, Information Security / Assurance, or related field preferred.
* ISACA Certified Information Security Manager or Certified Information Systems Security Professional required.
* At least 5 years of information and cyber security experience is required.
* At least 6 years of experience with management approaches, tools, and techniques for gaining the cooperation and support of others.
* At least 5 years of leadership in heavily regulated organizations (e.g. Healthcare, Financial Services, or Federal Government).
Horizon Blue Cross Blue Shield of New Jersey is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or status as an individual with a disability and any other protected class as required by federal, state or local law.
Location: Newark, NJ
Activation Date: Friday, September 20, 2019
Expiration Date: Tuesday, October 22, 2019