Aetna Director, Information Security in Denver, Colorado
Req ID: 64598BR
Creates and communicates strategic direction for defense-in-depth security posture for affiliates and joint ventures. Manages an organization responsible for the creation and/or implementation of information security policies, programs, and procedures to cost-effectively and efficiently protect information and information systems assets from intentional or inadvertent modification; disclosure or destruction; unauthorized access; reduced, interrupted or terminated processing capability; malicious logic or virus activity; or loss, theft, damage or destruction of any IT resources.
Fundamental components include but are not limited to:
Responsible for security strategies utilizing industry security standards, normative comparisons with industry peers, best practice research and Aetna specific business and technology requirements. Maintains currency with government and regulatory affairs, interpreting legislation in a security context to ensure company compliance (e.g. HIPAA, GLBA, SOX). Designs, implements and deploys information security policies, procedures and guidelines. Continually evaluates processes to ensure compliance with regulatory environment as well as internal controls validation. Supervises managers, supervisors or team leads or may direct the work of highly skilled technical specialists. Has the authority to hire new staff and terminate existing staff through appropriate corporate process. Responsible for pay administration and semi-annual appraisal process.
Has responsibility for unique roles such as security crisis event management, supporting business resiliency efforts, and understanding physical and cybersecurity technologies.
Responsible for developing, maintaining, publishing and/or enforcing information security standards and guidelines encompassing data, and intellectual security. Provides reports to Management regarding the effectiveness of network and data security and makes recommendations for the adoption of new procedures and technologies, as required. Based on organization's recommendations, approves the purchase and manages deployment for the adoption of new procedures and technologies as required. Provides confidence and leadership to project teams in cross-functional environments and efforts.
Monitors changes in legislation and accreditation standards that affect information security. Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained. Establishes meaningful metrics on key critical infrastructure components of information security and monitoring of these to ensure the confidentiality, integrity and availability of information and processes. Ensures awareness of organization's information security policies and procedures among employees, contractors, alliances and other third parties. Initiates, facilitates, and promotes activities to foster information security awareness within the organization. Actively promotes awareness and education through management presentations, staff meetings, collaboration with other departments and road shows. Provides direct information security training to all employees, contractors, alliances, and other third parties. Works directly with regulatory PMOs, the legal department, compliance office and regional privacy and security managers to coordinate internal and external audits and follow up with implementation, based on audit recommendations. Serves as an internal information security consultant to the organization. Monitors advancements in information security technologies. Communicates unresolved information security exposures, misuse, or non-compliance situations to senior management. Participates in the activities of the Information Security Committee, responsible for the organization's information security program. Manages the daily work flow within all or part of the group organization.
Qualifications Requirements and Preferences:
- Experience leading teams in support of security efforts.
- Experience managing, leading and providing supporting evidence for audit activities (SOC 2, NYDFS, ISO2001 as examples)
- Experience with customer-focused engagements
- Experience identifying security risks and driving remediation efforts to conclusion.
Information Management - Certified Information Security Manager (CISM), Information Management - Certified Information Systems Security Professional (CISSP) - sponsored by International Information Systems Security Certification Consortium, Information Technology - Certified in Risk and Information Systems Control certification (CRISC)
General Management - Multi-functional management: < 25 employees, Information Technology - Security
Security - Active Directory, Security - Sudo (Unix root control), System Management - Information Security Management
General Business - Communicating for Impact, General Business - Maximizing Work Practices, General Business - Turning Data into Information
Technology - Creating Technology Partnerships, Technology - Leveraging Technology, Technology - Selecting and Applying Technology Solutions
Additional Job Information:
Benefit eligibility may vary by position.
Job Function: Information Technology
Aetna is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veterans status.