Description - This role represents a unique opportunity to build a continuous control monitoring function from the ground-up for a world-class cyber-risk management organization. You will leverage strategic partnerships, identify control optimization opportunities, and develop repeatable ways to transparently measure and manage control performance against risk management and compliance related objectives for the advancement of Enterprise Information Protection program. The Controls and Compliance Oversight Team provides assurance and governance in the areas of cybersecurity ensures controls are designed and operating effectively to mitigate risk within enterprise level technology and business processes. This team serves as a first line of defense in overseeing both on premise and cloud environments. In addition, this team plays a key role in establishing a consistent security control framework and compliance assessment program across all cybersecurity domains, driving connections and collaboration throughout IT, and Enterprise Risk Management. The focus of our work is to ensure the deployment of security controls on premise and in the cloud to manage cyber risk and assure compliance. Responsibilities The Continuous Control Monitoring (CCM) Lead creates, maintains, and advances the strategy for continuous control monitoring and establishes performance reporting to reflect status against expected operating thresholds, and both compliance and risk objectives. The CCM Lead directs the team to identify and oversee automation needed to enable complete and continuous visibility on health of critical controls within the cyber security program. The CCM Lead will leverage best practices and related frameworks to ensure coverage of critical on premise computing environments and cloud environments, and will report to senior leadership against all aspects of security control performance. The role understands the businesses, industry, and industry trends and uses that knowledge to recommend effective solutions. Leads and/or supports collaborative business partnerships, elicits client understanding and insight to advise and make recommendations. Clarifies scope of work commitments and deliverables, and defines measurable success criteria to monitor progress toward goals. Must have capability to: + Exercise independent judgment and decision making on complex issues regarding job duties and related tasks, and work under minimal supervision. + Use independent judgment requiring analysis of variable factors and determining the best course of action. + Advise leadership and executives on control design and optimization strategies for the evaluation, selection, and implementation of cloud services and related deployments. + Prioritizing tasks and ensuring the quality of deliverables. + Lead and expand the continuous control monitoring program by enhancing existing processes and utilizing existing technology. + Work with partners in business and IT to identify root causes for issues and resolve issues creating a positive user experience. + Work closely with cyber security teams to ensure seamless execution of processes and timely delivery to customers. + Identify gaps in process and procedures and demonstrate initiative in mitigating as appropriate. + Be responsible for process improvements, including initiating, creating, updating process documentation. + Drive integration of processes across disparate teams to align to a single, cohesive strategy. Key Competencies: + Builds Trust: Strong team player who consistently models and inspires high levels of integrity, lives up to commitments and takes responsibility for the impact on ones actions. Requires little to no instruction on day-to-day work. + Leads Change: Guides and energizes others, models adaptability and inspires strong organizational performance through periods of transformation, ambiguity and complexity. + Communication: Ability to interact and effectively communicate complex topics to all levels of management within the organization. Understand the needs and perspectives of others and tailors delivery accordingly. + Accountability: Exercises independent judgment / decision making on complex issues. Competent to work independently, meet established expectations and take responsibility for achieving results, and ensures direct reports to do the same. Role Essentials: + Bachelor's degree in Cyber Security, Computer Science, Information Technology or a related field + 8 or more years of technical cyber security experience + 4 or more years of experience with cloud technologies and cloud deployments + Experience working with control frameworks such as HITRUST CSF, NIST CSF, NIST 800-53, CSA-CCM + Skilled at identifying security risks and exposures + Experience integrating Cyber Security technologies with existing technologies including cloud services + Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances + Excellent communication skills with the ability to influence others + Analytical and problem solving skills + Must be passionate about contributing to an organization focused on continuously improving consumer experiences Role Desirables: + Strong knowledge of key compliance and IT frameworks such as: CSA-CCM, PCI, HITRUST, SOC1, SOC2, HIPAA, COBIT, ITIL. + Masters Degree in Business Administration or Information Technology, preferred but not required + Professional certifications such as CISA, CISSP, CRISC, CGEIT, Cloud certifications such as CCSP, CCSK, CSP-based certifications) preferred. + Ability to interpret and understand business needs and convey such issues to information security teams. + Data Analytics or Data Visualization experience a plus + Six Sigma Experience + DC or Louisville KY location preferred, remote eligible(not Covid remote only) Scheduled Weekly Hours 40 About Us Mission: At Humana, our cultural foundation is aligned to helping members achieve their best health by delivering personalized, simplified, whole-person healthcare experiences. Recognizing healthcare needs continue to evolve for each person, for each family and for each community, Humana continuously creates innovative solutions and resources that help people live their healthiest lives on their terms when and where they need it. Our employees are at the heart of making this happen and thats why we are dedicated to building an organization of dynamic talent whose experience and passion center on putting the customer first. Equal Opportunity Employer It is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact mailbox_tas_recruit@humana.com for assistance. Humana Safety and Security Humana will never ask, nor require a candidate provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or affiliate, please contact mailbox_tas_recruit@humana.com to validate the request. California Residents If you are a California resident and would like to review our California Consumer Privacy Act (CCPA) Policy click here: CA Resident Privacy Policy <>
Categories
• Financial Services