Director Cyber Security Policy and Controls Governance

Profile

Description

The Director, Cyber Security Policy and Standards will lead the Policy and Control Governance team within Enterprise Information Protection. This area develops and manages governance processes and standards to ensure that IT and cyber security standards, architecture/designs, plans, controls, processes, and procedures align with policy and control requirements. The Director role oversees the complete policy life cycle management process, cloud control governance, core control governance, and control review services.

This role will drive the development and companywide implementation of control governance standards utilizing existing control frameworks. Control governance standards will guide enterprise wide IT and business processes on security control requirements to enable business and IT goals and to align with compliance and risk processes.

Responsibilities

Key Responsibilities

The Director ensures that security policies and controls are aligned with regulatory requirements and industry best practices and support business and IT strategic goals. Essential tasks include the development, implementation and management of control governance standards for Information Security and IT architecture designs, plans, controls, processes. The role will be responsible for control review and guidance services including enterprise level control recommendations and risk assessment. The Director leads a team of security policy and control professionals and ensures the development of individual skill sets and growth paths.

Key Competencies:

Builds Trust: Strong team player who consistently models and inspires high levels of integrity, lives up to commitments and takes responsibility for the impact on one's actions. Requires little to no instruction on day-to-day work.

Leads Change: Guides and energizes others, models adaptability and inspires strong organizational performance through periods of transformation, ambiguity and complexity.

Communication: Ability to interact and effectively communicate complex topics to all levels of management within and outside of the organization. Understand the needs and perspectives of others and tailors delivery accordingly.

Accountability: Exercises independent judgment / decision making on complex issues. Competent to work independently, meet established expectations and take responsibility for achieving results, and ensures direct reports to do the same.

Role Essentials:

Bachelor's degree in Cyber Security, Computer Science, Information Technology or a related field

8 or more years of progressive leadership in an Information Security or IT leadership position

Experience with Governance Risk and Compliance technologies and their implementation

Experience working with control frameworks such as HITRUST CSF, NIST CSF, NIST 800-53, CSA-CCM

Proven experience in developing and implementing control governance processes

Strong experience in designing and managing security policies and controls.

Experience integrating Cyber Security technologies with existing technologies including cloud services

Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances

Excellent communication skills with the ability to influence others

Must be passionate about contributing to an organization focused on continuously improving governance and compliance management

Role Desirables:

Experience in all aspects of control governance from a previous role.

Strong knowledge of key compliance and IT frameworks such as: CSA-CCM, PCI, HITRUST, SOC1, SOC2, HIPAA, COBIT, ITIL.

Cloud service experience

Master's Degree preferred

Professional certifications such as CISA, CISSP, CRISC, CGEIT, Cloud certifications such as CCSP, CCSK, CSP-based certifications) preferred.

Ability to interpret and understand business needs and convey such issues to information security teams.

Scheduled Weekly Hours

40

Company info

Humana Inc.
Website : http://www.humana.com