Sr Director - Information Risk Management
The Senior Director of Information Risk Management (IRM) is a critical people leader role in IRM, one of only two senior directors on the VP and Chief Information Security Officer’s leadership team. This role is the IRM representative on several key governance committees, including the IT Project Review Board (ITPRB) and Application Technology Council (ATC). In addition to helping define information security strategy and roadmap, this role is responsible for the health of the external information protection ecosystem, including suppliers, clients, subsidiaries, and auditors. The leader in this role will define and execute the strategies that ensure regulatory and contractual compliance are among the healthy outcomes of an industry-leading information protection program whose maturity grows every year. The leader will ensure that the IRM program addresses the company’s robust information protection threat model and meets the most demanding expectations of our commercial, health plan, and defense sector clients. In addition to the CIO, CISO and other senior IT leaders, this role interfaces regularly with members of Senior Staff (CEO, President, CFO, SVP of Sales, etc.); clients’ CISOs and IRM staff; internal and external auditors; VPs in Procurement, Enterprise Risk, Sales & Account Management, etc.; and suppliers’ CISOs and IRM staff. This leader’s success is delivered through attracting and retaining top talent, and supporting them with consistent application of threat modeling, industry best practice, and innovative use of information protection tools and principles.
• Manages teams at multiple sites to deliver comprehensive information risk management solutions, establishing workload balancing and prioritizing tasks and projects based on expert assessment of risks and threats.
• Works to develop employees’ skills, evaluates performance, provides feedback, and leads by example, making the company the workplace of choice for top information risk management professionals.
• Engages with senior representatives from clients, vendors, and auditors to provide full-spectrum alignment on the company’s information protection program, and our obligations to our patients, clients, workforce, and shareholders.
• Establishes, communicates and administers short and long-term strategies in coordination with all other IS and business senior management.
• Defines, tracks, tunes, and reports on KPIs and KRIs relevant to the company’s overall information protection health scorecard.
• Effectively budgets and forecasts capital, labor, and non-labor budgets, utilizing best methods and partners as required to deliver on commitments.
• Represents Information Technology in cross-functional meetings and projects. Prepares for, implements and communicates new corporate initiatives and processes within assigned team.
• Bachelor’s degree and 12+ years’ industry experience required
• 8+ years of increasing experience in information security, information protection, and/or IT audit functions (CISSP, CISA or equivalent experience)
• Track record of delivering quantifiable risk reduction and optimizing investment in information protection
• Excellent communication skills, including presentations to senior client, company and IT leaders (including CISO, CIO, CFO, CPO, etc.)
• Proven skills in leading high-talent teams in local and remote locations
• Strong ability to motivate employees, handle difficult employee relations issues and create a culture that supports high employee morale
• Advanced problem-solving skills and the ability to work collaboratively with other departments to resolve complex issues with innovative solutions
• Demonstrated ability to prioritize workload and meet project deadlines
• Experience with strategic work planning and budgeting required
• Demonstrated ability to manage toward budget and work plan goals
• Ability to adapt in a dynamic work environment and make independent decisions
• Ability to negotiate with vendors
• Familiarity with health care or PBM industry very helpful
• Some travel required
Yes, 10% of the time
More Information About the Job
Is Relocation Available?
Are you open to sponsorship?
Is there flexibility in hours and/or the ability to work remote?
This position is:
Is there a bonus structure?
20% or higher
Is there equity?
Who does this position report to?
The position will report to the VP – Information Risk Management and CISO
Does this position have direct reports?