The Director, Third Party Cyber Management will provide strategic direction to and manage a team of risk professionals in ensuring world-class management of Humana's cyber vendor risk. This leader and their team will work closely with business and technology leaders across Humana to evaluate, monitor and mitigate risk introduced by third party vendors supporting these core business operations.
Responsibilities
Responsibilities include, but are not limited to:
establish and apply cutting edge vendor management practices to build a close working relationship with vendors and their leadership that promotes timely identification and mitigation of developing threats and security deficiencies
provide in-depth risk guidance to segment leadership
make recommendations to reduce the risk footprint introduced by third party services
set the strategic direction of a large team, and ensure the critical, high profile timelines and priorities are addressed
identify and implement new practices
ensure Humana cybersecurity requirements are appropriately addressed
ensure ongoing enhancements are made to Humana's Information Security Agreement
work collaboratively with Segment business areas, risk leaders, IT, and third parties to improve the overall ability to safeguard Humana and its' members data
effectively build and lead a team of risk, cyber, and vendor management experts
ensure overall execution of end-to-end third party risk assessments across multiple segments
work across all areas of security (architecture, pen testing, etc.) to ensure a cohesive security model from a technical and process perspective
monitor third party compliance (PCI, Offshore) with varying internal, regulatory, and state requirements
drive awareness and education of third party cybersecurity issues across the company
lead and consult with segment and IT leaders on ad hoc requests, RFP's, and special projects
review and analyze technologies, processes, documentation, and data to identify any gaps in the effectiveness of cybersecurity controls and operations that could have a direct negative impact to segment operations
help determine if/when to integrate emerging cybersecurity trends into the overall segment third party assessment strategy
Key Competencies
Accountability:
Meets established expectations and takes responsibility for achieving results; encourages others to do the same.
Collaborates:
Engages others by gathering multiple views and being open to diverse perspectives, focusing on a shared purpose that puts Humana's overall success first.
Customer Focus:
Connects meaningfully with customers to build emotional engagement and customer advocacy. Simplifies complexity and integrates internal efforts to deliver an optimal customer experience.
Acts Strategically
: Makes decisions and sets strategy based on the long-term vision, uses an enterprise-wide perspective to translate strategies into actions, inspires others to embrace and advance the strategy, and creates a clear view of the future state.
Interpersonal Effectiveness
: Understands oneself, effectively manages emotions, listens, and communicates with respect, and builds trusting relationships.
Leads Change:
Guides and energizes others, models adaptability, and inspires strong organizational performance through periods of transformation, ambiguity, and complexity.
Role Essentials
10 or more years' experience performing organizational IT audit and/or IT security risk assessments
Bachelor's Degree in Business, Information Technology, or a related field
Proficient understanding of - and experience with - audit, regulatory requirements and standards (SOC2, ISO, HITRUST), and other related standards and certification processes
Exceptional leadership skills, including an ability to grow and build teams
Broad industry, technology, and security knowledge including understanding of operations, technology, communications, and processes
Strong communication skills with the ability to interact with Associates at all levels of the organization
Negotiation skills - both with internal key stakeholders and external regulators and vendors
Influencing skills - ability to influence others at multiple organizational levels, to lead and work in a team environment; ability to lead collaborative efforts with user, development, business, and support groups
Strong ability to assess urgency and prioritization and make well informed decisions based upon situational circumstances
Excellent communication skills with the ability to influence others
Ability to travel up to 20% of the time
Role Desirables
Master's Degree in Computer Science, Information Technology, Information Security, or a related field
Industry Certifications: CISA, CISSP, HCISPP, CCSP, CISM, CTPRP, etc.
Additional Information
Incumbent can be remote, work-at-home, located anywhere across the US
Requires travel as business needs dictate, estimated to be 20% of the time, for periodic in-person or vendor meetings
Work-At-Home Requirements: Must have the ability to provide a high-speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense. A minimum standard speed for optimal performance of 25x10 (25mpbs download x 10mpbs upload) is required. Satellite and Wireless Internet service is NOT allowed for this role. A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information
COVID Policy: We are a healthcare company committed to putting health and safety first for our members, patients, associates, and the communities we serve. Humana and its subsidiaries require vaccinated associates who work outside of their home to submit proof of vaccination, including COVID-19 boosters. Associates who remain unvaccinated must either undergo weekly negative COVID testing OR wear a mask at all times while in a Humana facility or while working in the field.
Employer job 
90 Day Old Job 
