Description

Business Information Security Officers are at the heart of Humana’s Information Security program transformation. As Humana has grown into a thriving and diverse enterprise each Business Segment’s security needs have diversified along the way. Business Information Security Officers, embed with Business segments and help drive Humana’s security strategy by understanding the strategic needs of their business segment. They also provide in depth decisions support and risk guidance for the segment leadership. Humana’s Retail segment is at the core of Humana’s mission to deliver personalized care and improve the health outcomes of Humana’s members. The Business Information Security Officer (BISO) is expected to understand Retail strategy, operations, and goals. The BISO creates a tailored security strategy and to the specific risks and processes to match the needs of Retail. Business Information Security Officers are then accountable for the successful implementation and management of Retail’s security program. Finally, the Business Information Security Officer is the single point of responsibility for Retail’s security needs. They are responsible for managing the relationship between EIP and Retail and ensuring a positive security experience.

Responsibilities

Healthcare isn’t just about health anymore. It’s about caring for family, friends, finances, and personal life goals. It’s about living life fully. At Humana, we want to help people everywhere, including our associates, lead their best lives. We support our associates to be happier, healthier, and more productive in their professional and personal lives. We encourage our people to build relationships that inspire, support, and challenge them. We promote lifelong well-being by giving our associates fresh perspective, new insights, and exciting opportunities to grow their careers. At Humana, we’re seeking innovative people who want to make positive changes in their lives, the lives of our members, and the healthcare industry as a whole.

Role Description

• Work collaboratively with Business areas, Risk leaders, IT, and Enterprise Information Protection to improve our security posture.
• Leads development of a segment specific security strategy and model.
• Leads risk assessment and threat assessment for their segment.
• Leads all external and internal cyber risk, threat, and security assessments for their aligned segment.
• Works across all areas of security to ensure a cohesive security model from a technical and process perspective. 
• Leads cross-functional teams to ensure the success of their segment’s security program. 
• Works with the security and IT to define, prioritize, and manage projects that align with the overarching security strategy.
• Accountable for security program compliance of their aligned segment.
• Drives awareness and education of cybersecurity issues for segment leaders and associates tailored to their segment’s processes and business model.
• Lead and consult with segment and IT leaders on ad hoc requests/special projects.

Role Essentials

• Bachelor’s degree in Information Systems, Finance, Accounting, Business Administration or similar area of focus
• Demonstrated experience tracking and implementing strategic and transformational initiatives and programs
• Experience with enterprise cloud transformation and enterprise advanced analytics environments
• Broad industry, technology, and security knowledge including understanding of operations, technology, communications and processes
• Risk Management Experience
• Consulting or audit experience
• Experience leading cross functional teams, projects, programs, and directing allocation of resources

• Strong communication skills with the ability to interact with Associates at all levels of the organization.
• Negotiation skills - both with internal key stakeholders and external regulators and vendors
• Consulting skills – able to assimilate business knowledge and knowledge of internal customer’s unique needs/situation. Provide options and tools to make informed decisions
• Influencing Skills – ability to influence others at multiple organizational levels, to lead and work in a team environment; ability to lead collaborative efforts with user, development, business and support groups.
• Experience working in highly regulated industries subject to any of the following:  HIPAA, GDPR, CCPA, PCI, SOC 1&2.
• Experience with project management, process improvement and developing solutions.
• Demonstrated relationship building and management skills.
• Passion (obsession) for customer/user/member experience

Role Desirables

• A Bachelor's degree in engineering or computer science and with one or more security qualifications or certifications. 
• Advanced Degree’s particularly in Computer Science, MIS or Cyber Security specific fields.
• CISSP, CCSP, CISSA, CEH, LPTH, or other cybersecurity professional certifications
• Lean Six Sigma