HealthPlanOne's mission is to help people find the right health insurance at the right price, so they live healthier lives. We are committed to making the shopping process simpler. Our mission has never been more important than it is today.
Under the strategic instruction of the CLO/CCO/CPO and serving as the Data Security lead for HPOne, the Data Security Director ("Director") will serve as the implementor and overseer of HPOne's data security obligations (including but not limited to application security, data security, and infrastructure security), continued maturation and evolution, and audits, as well as leading the remediation stemming from any such audits.
This role will work with appropriate data, engineering, privacy, and governance counterparts to ensure cybersecurity capabilities for protecting HPOne's data are appropriately designed, engineered, and monitored to meet HPOne's needs.
This role requires technical competence and ability to work with stakeholders across various domains. Additionally, the role requires familiarity with recent threats and adversarial techniques, as well as the ability to quickly respond to new threats. Thought leadership for designing data protections in a rapidly evolving AI-driven world will be critical to this role's success.
They also ensure establishment of and compliance with effective information security practices and must build and maintain data security awareness organization-wide.
Communications and Leadership:
Work with executive staff to represent HealthPlanOne on cyber security matters and liaise with external agencies, clients, and organizations, where required, ensuring that any information requested is provided on a timely and secure basis.
Effectively communicates Data Security program status, risks, and mitigating actions to all requested leadership. Directly represents the program to business leaders/technical staff at all levels of the company, including preparing and presenting detailed, written information for multiple audiences.
Manages overall program budget (working with finance).
Provide guidance and support to other departments to ensure compliance with security policies and procedures and advocate for security culture and educate colleagues across all parts of HPOne.
Knowledge and Threat Awareness:
Keep up to date with Information and cyber security trends, threats, and control measures, to be an active member of the Information/Data/Cyber Security communities.
Maintain a very high level of knowledge in relevant technical areas, at present this includes: PCI, HiTrust, and similar data and security standards, Network and Routing concepts, Security concepts, Microsoft Authentication and provisioning technologies, Microsoft Windows, MacOS, Encryption Technologies.
Maintain a very high level of knowledge of cybersecurity equipment and technologies to enable the evaluation, selection, testing, installation and monitoring of new / enhanced systems.
Oversight and Management:
Oversee (directly and through your direct report(s)) the data security operations including but not limited to continuous monitoring, security information and event management, security architecture, security engineering, vulnerability scanning, endpoint security, security analytics, network access control, penetration testing, data forensics, security data ingestion, threat monitoring/hunt and security situational awareness.
Works with Risk Management Head regarding the development of a multi-year Data Security program roadmap and annual/quarterly/monthly planning and execution of initiatives and department efforts.
Assess program and security risks and provide mitigation recommendations and actions for program decision-making.
Ensures the program deliverables are assessed against the appropriate controls and processes to ensure compliance to regulatory and contractual obligations (e.g. HiTrust, HIPAA/HITECH, PCI, etc.).
Serve as a subject matter expert for data protection in responsible use of AI.
Design, implement, and manage enterprise cybersecurity solutions to safeguard HPOne assets and information, while maintaining threat monitoring services.
Conduct security analyses, drive risk decisions, and influence both infrastructure and product architecture across internal tools, frameworks, and applications.
Gather and report on security metrics that demonstrate the relative cost/benefit of the security operations and other cybersecurity initiatives
Meet security audit mandates, standards, and requirements
Lead business continuity and disaster recovery preparation, continuous maturity, and testing by developing and maintaining backup procedures and Disaster Recovery documentation for the security infrastructure to ensure that business requirements are met in a timely manner and to accurately reflect user requirements.
Direct implementation and execution of security standards, policies, processes, and best practices for the organization.
Execute on an effective cyber incident management response plan. Coordinate the response to Cyber security incidents and investigations, managing them in a professional manner including computer forensics for evidence gathering and preservation. Ensure appropriate and sensitive handling of affected staff and efficiently liaison with external and law enforcement agencies when required.
To lead and manage cybersecurity projects, ensuring completion to deadlines and within budget. In doing so undertake planning, costing, project management, liaison with suppliers.
To manage other activities that may arise through company evolution, growth or restructuring.
Performs other related duties as assigned.
Our centers are consistent with CDC guidelines and align with local government orders pertaining to all Company physical locations in relation to COVID-19.
Equal Employment Opportunity (EEO) is a fundamental principle at HealthPlanOne, where employment is based upon personal capabilities and qualifications. HealthPlanOne does not discriminate because of actual or perceived sex, sexual orientation or preference, gender identity, gender, transgender, race, color, religion, national origin, creed, citizenship status, ancestry, age, marital status, pregnancy, childbirth or related medical conditions, medical conditions including genetic characteristics, mental or physical disability, military and veteran status, or any other protected characteristic as established by law. HealthPlanOne requires the necessary drug testing and background checks as part of our pre-employment practices. If you need assistance or an accommodation due to a disability, please contact us to request accommodation at accommodations@hpone.com
