Anthem, Inc. Director II Technology - Business Information Security Office (BISO) in Norfolk, Virginia
SHIFT: Day Job
Your Talent. Our Vision. At Anthem, Inc., it’s a powerful combination, and the foundation upon which we’re creating greater access to care for our members, greater value for our customers, and greater health for our communities. Join us and together we will drive the future of health care.
This is an exceptional opportunity to do innovative work that means more to you and those we serve at one of America's leading health care companies and a Fortune Top 50 Company.
Director II Technology - Business Information Security Office (BISO)
: This position can be located within a 50-mile radius of an Anthem office.
The Business Information Security Officer (BISO) role reports to the Chief Information Security Officer and acts as a key conduit between enterprise Information Security and the Business Division. As a delegate of the Chief Information Security Officer (CISO) to the Business, the BISO helps the CISO oversee the strategy and governance of information security, risk management and information security operations for the assigned Business Division.
In this position, the BISO will partner with the Digital business area to help champion responsible and secure business innovation by
Functioning as the Business Division security leader responsible for driving the alignment of Information Security programs to specific division risks.
Serving as the trusted advisor, both to the business division and to the CISO. This role liaises between the business, keeping clear lines of communication including but not limited to; transparency to the business on upcoming security initiatives, reporting of security risks to the business, CISO and appropriate committees.
Playing a key role in the information security incident response process including, participating as an active member of the Cyber Security Incident Response Team, identification of impact to the Business Division, remediation, and development of internal and external message points.
Aligning with domain leaders to verify business compliance with the Information Security Policy and Standards and partner with the business unit Control Leads while continuously monitoring and reporting on risks and documented exceptions.
Primary duties may include, but are not limited to:
Establish and execute Information Security Framework within Business Division
Continue to mature BISO structure (e.g., role, responsibilities, communication channels, etc.) within the Business Division
Evaluate all directives, change orders, and projects as to their impact on security tactical plans, budgets, and contract compliance
Hire, train, coach, counsel, and evaluate performance of direct reports.
Collaborate with business leaders, the CISO, IT Professionals and risk management Professionals
Develop financial impact of business division risk and investments
Establish and execute business continuity routines
Champion risk-management culture with peer technology teams
Monitor/report risks and document exceptions
Actively engage and advise stakeholders
Own and communicate security roadmap for Business Division
Develop and implement security architecture
Deliver security initiatives and demonstrate/track progress to stakeholders
Integrate Information Security priorities into business division strategic plans
Identify and measure audit/compliance controls for critical business processes and channels
Demonstrate that appropriate audit/compliance controls are in place
Ensure proposed technical solutions maintain integrity of the infrastructure and uphold audit/compliance requirements
Act as an Incident Response lead for Divisional security incidents, working closely with Group and Divisional stakeholders
Advise Division management on risk issues related to information security and recommend actions in support of the wider risk management and compliance programs
Look for opportunities to champion Information Security priorities by informing, engaging and/ or training others
Ensure that processes are documented and communicated in language that is relevant and understandable to non-technical audiences
Collaborate across Information Security to triage related processes within Business Division
Serve as an Information Security subject matter expert for Business Division
Collate demand for security and collaborate across the Information Security team to balance supply and demand of security and divisional resources
Requires an BA/BS degree in Information Technology, Computer Science or related field of study and a minimum of 8 years of IT management experience, experience in function/area being managed, experience managing multiple tasks and projects; or any combination of education and experience, which would provide an equivalent background.
8+ years of experience in Information Security or Audit related role.
5+ years in a large organization
Advanced skills with MS-Office and other related PC applications
Have a relevant industry certification such as CISSP, CISM, CRISC or similar
Strong communication skills and ability to influence; adept at building and maintaining strong business relationships at the executive and leadership levels
Strong business and financial acumen and strategic thinking capabilities
Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
Ability to manage multiple complex priorities and competing agendas without direct authority over delivery teams
Ability to interpret and apply policies and regulations across a large, complex business
Analytical aptitude and data-driven decision making
High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
Strong presentation skills, as well as the ability to visually represent complex ideas in a simplified way
Self-motivated and directed with keen attention to detail
Master’s degree in Computer Science, Information Technology, or related field
Project management experience
Possess application development and/or application security background; with knowledge of SDLC from design, testing, deployment to post-production and the different risk elements associated with each step
Healthcare systems experience
We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few. The health of our associates and communities is a top priority for Anthem. We require all new candidates to become vaccinated against COVID-19. If you are not vaccinated, your offer will be rescinded unless you provide – and Anthem approves – a valid religious or medical explanation as to why you are not able to get vaccinated that Anthem is able to reasonably accommodate. Anthem will also follow all relevant federal, state and local laws. Anthem, Inc. has been named as a Fortune 100 Best Companies to Work For®, is ranked as one of the 2020 World’s Most Admired Companies among health insurers by Fortune magazine, and a 2020 America’s Best Employers for Diversity by Forbes. To learn more about our company and apply, please visit us at careers.antheminc.com. Anthem is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law. Applicants who require accommodation to participate in the job application process may contact email@example.com for assistance.