Manager, Security Infrastructure (Remote)

We take great strides to ensure our employees have the resources to live well, be healthy, continue learning, develop skills, grow professionally and serve our local communities. We invite you to apply for a career with Blue Cross.

Please note that effective Jan. 4, 2022, Blue Cross and Blue Shield of Louisiana implemented a policy requiring any employee who enters any of our offices or who interacts in person with anyone for company business purposes to be fully vaccinated for COVID 19, unless legally entitled to a reasonable accommodation related to religious or medical exemptions. At this time, that policy is suspended and vaccination is not required to enter our facilities. Please note this is subject to change at any point in time to ensure compliance with company policy or government mandates and certain client facing roles may have separate protocols.

Residency in or relocation to Louisiana is preferred for all positions.

We will consider remote work in the following states: LA, AL, AR, FL, GA, KY, MS, NH, NC, PA (limited counties), TN, TX, VA, WV, WI.

POSITION PURPOSE

Responsible for managing & directing the enterprise cybersecurity defense management engineering functions including building, developing, implementing, maintaining, and supporting technical security capabilities (protective and detective technologies) to ensure network & data protection, incident / breach response assistance, business objectives delivery, and compliance with internal controls and external / regulatory demands. Accountable for complying with all laws and regulations associated with duties and responsibilities.

NATURE AND SCOPE

• Manages People
• This role directly manages 8 - 10 workers
• This role reports to this job: Director, Security Infrastructure & Operations
• Necessary Contacts: In order to effectively fulfill this position the incumbent must be in contact with the all levels of management and staff, provider administration, other Blue Cross plans, vendors, federal and state agencies and healthcare associations; inter-company personnel to determine user needs; divisional personnel to discuss status of projects; meets with providers, service bureaus, professional groups.

QUALIFICATIONS

Education

• Bachelor's in Computer Science, Business Administration, or related field required. Four years of related experience can be used in lieu of a degree. Two years of military experience and training specific to Information Technology may substitute for a degree. CISSP certification may also substitute for the Bachelor's degree.

Work Experience

• 5 years of related work experience in the cybersecurity area required. Healthcare experience preferred.
• 2 years of leadership experience required. Experience can run concurrently
• Requires in-depth knowledge of enterprise class cybersecurity tools, techniques, and protocols.

Skills and Abilities

• Must have proven experience with endpoint & network security, security incident response / SIEM and forensics, security orchestration & automation tools, systems & server security, and vulnerability or penetration testing. Must have in-depth knowledge of MS-Windows, Linux/Unix, firewalls, SIEMs, email security, and endpoint security tools.
• Experience in defining, developing, and/or monitoring cybersecurity engineering metrics is required.
• Must have experience in gathering, documenting, and analyzing business requirements and developing security solution options.
• Experience in training and/or evaluating technical staff required.
• Working knowledge of NIST and ITIL frameworks and industry best practices is required.

Licenses and Certifications

• Information Security Industry certification required (e.g. ISC2, GIAC, ISACA).

ACCOUNTABILITIES AND ESSENTIAL FUNCTIONS

• Manages the development, deployment, and execution of controls and defenses to ensure the security and risk mitigation of company infrastructure technology, information systems, and digital data. Analyzes business needs and establishes priorities for protection of critical systems and operational policies. Manages the development, engineering, and maintenance of endpoint & network security, security incident response / SIEM and forensics, systems & server security, and vulnerability or penetration testing systems. Ensures Cybersecurity technology systems are properly configured and maintained to support Information Assurance objectives. Contributes to the cybersecurity aspects of the design of systems. Ensures the review and appraisal of the soundness, adequacy and application of security and other controls for the protection of information assets. Evaluates potential business impacts from security breaches and provides strategic and tactical guidance to business decision-makers. Develops and executes security systems compliance processes & procedures. Identifies CyberSecurity engineering goals, objectives, and metrics consistent with corporate strategic plan. Develops, implements, and maintains CyberSecurity engineering practices, processes, and procedures. Assists with incident response & investigation of CyberSecurity breaches as needed. Keeps up-to-date on cybersecurity and healthcare industry developments to offer solutions that provide the greatest security for the organization and its customers' privacy and confidentiality
• Leads the enterprise vulnerability assessment, identification, & reporting functions. Ensures development and maintenance of process playbooks, run-books, and other relevant documentation as it pertains to vulnerability management. Ensures effective communication / coordination of vulnerabilities and remediation tracking with key stakeholders. Identifies and escalates vulnerability risk issues & coordinates remediation escalation activities as needed. Keeps abreast of latest CyberSecurity legislation, regulation, advisories, alerts and vulnerabilities pertaining to BCBSLA. Aware of latest security and confidentiality threats, trends and tools to protect information and enhance performance
• Directs the activities of technical staff & contractors and provides performance evaluations and recommendations within established policies and guidelines, including training new workforce members. Works with management at all levels in other divisions and business units to ensure that business needs are properly identified and prioritized. Effectively collaborates internally and externally to ensure that proper resources are aligned to meet the business demand. Develops, manages, and builds strong relationships/partnerships with stakeholders, vendors, peers/other teams, and staff to ensure a high level of personal and team understanding of the stakeholder business operations, support needs, and service expectations. Demonstrates effective and timely communication to stakeholders, management, teams and vendors as applicable regarding status, issues, project plans, procedures, processes, systems and architecture to meet client needs and expectations. Utilizes professional knowledge and experience to set departmental goals which align with functional strategy. Focuses on achievement of departmental goals and plays a significant part in achieving functional goals. Maintains cost controls and budgetary planning. Delivers regular reports to Director of CyberSecurity Engineering & Operations

Additional Accountabilities and Essential Functions
The Physical Demands described here are representative of those that must be met by an employee to successfully perform the Accountabilities and Essential Functions of the job. Reasonable accommodations may be made to enable an individual with disabilities to perform the essential functions

• Perform other job-related duties as assigned, within your scope of responsibilities.
• Job duties are performed in a normal and clean office environment with normal noise levels.
• Work is predominately done while standing or sitting.
• The ability to comprehend, document, calculate, visualize, and analyze are required.

#LI_DB1

An Equal Opportunity Employer

All BCBSLA EMPLOYEES please apply through Workday Careers.

PLEASE USE A WEB BROWSER OTHER THAN INTERNET EXPLORER IF YOU ENCOUNTER ISSUES (CHROME, FIREFOX, SAFARI)

Additional Information

Please be sure to monitor your email frequently for communications you may receive during the recruiting process. Due to the high volume of applications we receive, only those most qualified will be contacted. To monitor the status of your application, please visit the "My Applications" section in the Candidate Home section of your Workday account.

If you are an individual with a disability and require a reasonable accommodation to complete an application, please contact [email protected] for assistance.

In support of our mission to improve the health and lives of Louisianians, Blue Cross encourages the good health of its employees and visitors. We want to ensure that our employees have a work environment that will optimize personal health and well-being. Due to the acknowledged hazards from exposure to environmental tobacco smoke, and in order to promote good health, our company properties are smoke and tobacco free.

Blue Cross and Blue Shield of Louisiana performs background and pre-employment drug screening after an offer has been extended and prior to hire for all positions. As part of this process records may be verified and information checked with agencies including but not limited to the Social Security Administration, criminal courts, federal, state, and county repositories of criminal records, Department of Motor Vehicles and credit bureaus. Pursuant with sec 1033 of the Violent Crime Control and Law Enforcement Act of 1994, individuals who have been convicted of a felony crime involving dishonesty or breach of trust are prohibited from working in the insurance industry unless they obtain written consent from their state insurance commissioner.

Additionally, Blue Cross and Blue Shield of Louisiana is a Drug Free Workplace. A pre-employment drug screen will be required and any offer is contingent upon satisfactory drug testing results.