Cybersecurity Governance Specialist

Cybersecurity Governance Specialist at Florida Blue

This is a contract opportunity. You will be employed by Magnit to work on assignment with GuideWell and subsidiary companies including Florida Blue.

The Cybersecurity Governance Specialist develops and maintains detailed information security policies, processes, configuration baselines, and standards. The individual in this position interacts closely with personnel from various IT departments including the application development, operations, network, and privacy teams. They assist with annual and ongoing audit assessments as well as define processes and standards to ensure that security configurations are maintained and other applicable security requirements are in place. They provide consultative guidance on the development of information security strategies, procedures, policies, baselines, and programs.

Essential Functions

• Develops information security processes, policies, standards, baselines, procedures, and run books.
• Partners with other IT SMEs to create and maintain the necessary documentation for security systems, procedures, and security diagrams.
• Coordinate with different IT and information security stakeholders to understand and identify gaps between original process and documented process.
• Develop and implement customized technical documents; gather information about needs, objectives, functions, features and requirements from cross-functional security teams.
• Lead the enterprise information security governance artifact review committee.
• Participates in initiatives to identify, select and implement technical controls.
• Works with IT leadership to develop strategies and plans to enforce security requirements and address identified risks.
• Advises IT Security other IT teams on normal and exception-based processing of security authorization requests.
• Proactively identifies company-wide program opportunities and works to implement solutions.
• Guides the direction of the overall information security program.
• Develop memorandums, reports, project plans, performance work statements and briefings as directed.
• Researches, evaluates and recommends information security related hardware and software including development of businesses cases for security investments.

Required Work Experience

• 4+ years related work experience - IT Security Technical Writing, Process Analysis, SharePoint Administration, IT Audit, Controls Auditor, or Infrastructure Controls.

Required Education

• High school diploma or GED.

Required Licenses And Certifications

• Security +
• In alignment with GW Cybersecurity requirements, contractors must possess a relevant cybersecurity or technical certification for this role. If a relevant certification is not possessed, the contractor will be expected to obtain a relevant certification within 6 months of hire. (Relevant certification will be defined by hiring manager)

Additional Required Qualifications

• Foundational knowledge of information risk concepts and principles and impact.
• Foundational knowledge of NIST, HITRUST, ARS, or other security controls framework and the ability to assess the effectiveness of controls.
• Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
• Knowledge of audit and assessment activities and processes.
• Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
• Ability to interpret and communicate highly complex technical information clearly and articulately for all levels and audiences.
• Ability to manage tasks independently and take ownership of responsibilities.
• Ability to learn from mistakes and apply constructive feedback to improve performance.
• Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
• Ability to adapt to a rapidly changing environment.
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Must demonstrate initiative and effective independent decision-making skills.

Preferred Licenses And Certifications

• CISSP - Cert Information Systems Security Prof.

Additional Preferred Qualifications

• 4 or more year's experience directly related to HIPAA, HITRUST, and/or Center for Medicaid and Medicare Services (CMS) Acceptable Risk Safeguards (ARS) controls.