Lead Cyber Security Specialist

Resp & Qualifications

• Execute security governance and compliance leadership through the design and implementation of security policies, procedures, guidelines, and standards to maintain the confidentiality, integrity and availability of information systems and data.
• Represent Information Security from Security Governance and Compliance perspective.
• Design, implement, and integrate security solutions to address enterprise risks and exposures.
• Develop and maintain Information Security Metrics supported by KPIs and KRIs.
• Provide support and guidance to a team of technically diverse personnel of senior level security specialists and junior level security specialists.
• Provide appropriate training to other security specialists and external customers on developed policies standards, procedures, and guidelines.
• Implement necessary enhancements/updates/upgrades to existing security products.
• Serve as lead technical information security coordinator/project lead and as a contributor to cross functional teams for deployment and support of security specific projects and infrastructure to provide information security to the enterprise.

• Apply technology and processes to ensure the enterprise is protected and secured in the following areas:
• Identity and access management.
• Data protection (through the use of technologies such as whole disk encryption, end-to-end e-mail security, public and private key management, data leakage prevention, web application and source code security, database security, etc.)
• Network devices and infrastructure, desktop/mobile devices and remote access to the network,
• Information governance to ensure data is managed based on its sensitivity, information security policies, guidelines, and standards.
• Information governance through performing day-to-day maintenance and addressing issues and problems associated with security tools.
• Provide general support to the Information Security department in carrying out its’ assigned functions and responsibilities.
• Provide ad hoc off-hours support and problem resolution as directed by departmental requirements, service level agreements and internal support procedures.
• Provide assistance with audit issues and recommendations for remediation from an Information Security perspective.
• Interact with other IT Operations teams to develop tactical and strategic programs to address processes, controls, organization and infrastructure to manage information security related concerns and satisfy directives.

• Properly interpret business and technical requirements into security solutions and designs that are consistent with the current information security architecture.
• Implement and assist in enforcement of company security policies.
• Document results of system and application reviews including corrective action taken and security related documentation.
• Assist with reviews of current and new CareFirst systems and applications, including changes to existing applications/systems, to assure compliance with Information Security policies and standards.
• Apply creative thinking in problem solving and identifying opportunities for improvements in security.
• Provide Information Security related recommendations regarding CareFirst infrastructure components (communications network, physical security, data access, computer hardware/software and data confidentiality, integrity, and availability).

• Work with intra/interdepartmental technical and business personnel in a dynamic and varying environment.
• Collaborate with other Information Security specialists, designers, developers, and architects.
• Work with other technical teams in the organization such as IT Operations and IT Applications.
• Share ideas, discuss alternatives, and seek input.
• Maintain familiarity with state-of-the-art concepts, procedures, software, and techniques in Information Security in order to be able to effectively assess the needs for and further develop the CareFirst Information Security environment.

• Ability to identify and resolve complex issues and develop security solutions to meet CareFirst’s business and technology goals.
• Strong written documentation skills and technical writing are required.
• Excellent presentation and verbal communication skills.
• Ability to effectively lead/complete tasks with a minimal level of supervision.
• Strong computer skills, including knowledge of Microsoft Windows, e-mail systems (Microsoft Exchange)
• Possess broad understanding of the following systems/skill sets:
  • System hardening concepts and techniques to support technical standards
  • Network and remote access controls
  • Unix, Linux, Web application servers
  • Virtualization technologies
  • Encryption technologies and key management
  • Familiarity with access control methodologies (MAC, DAC, RBAC)

• Professional certification such as CISSP, CRISC, CISA, or CISM (lead level only).
• Proven ability to translate technical requirements to the business.
• Proficiency in the creation/modification, ratification, and socialization ofsecurity policies, technical standards, procedures, and guidelines.
• Proficiency with security controls for cloud environments (Azure and AWS).
• Proficiency with control implementation and monitoring in addition to information security metrics, dashboards, and reporting.
• Experience working with Information Security tools in a large, complex, multi-platform environment.
• Knowledge of Microsoft security and compliance tools/technologies such as Microsoft Information Protection, DLP and MCAS.
• Proficiency in DLP/DRM tools and methodologies in order to lead an enterprise-wide deployment.
• Proficiency in data classification/data governance methodologies and approaches to ensure data is managed based on its sensitivity, information security policies, guidelines, and standards.
• Project management skills to lead information security projects including project planning/reporting, requirements gathering, stakeholder engagement and tracking deliverables to completion.
• Experience in Audit responses and tracking from an Information Security standpoint to further mature control coverage and monitoring.
• Proficiency with the HIPAA Security Rule and compliance requirements.