Information Security Officer
Location: Providence, RI
Company: Blue Cross Blue Shield of Rhode Island
First posted: June 15, 2017 (last updated 3 days 21 hours ago)

Job Description

Oversee and direct the development and administration of the organization's information security function, including all activities related to the development, maintenance, and adherence to policies and procedures covering security of, and access to, confidential information (including member health information). Oversee the implementation of administrative and technical controls in order to maintain the confidentiality, integrity, and availability of data and information systems. Ensure compliance with state and federal laws and regulations related to information security.



  • Serve as the organization's functional Information Security Officer. Act as the subject matter expert providing leadership on federal and state security rules, policies, and regulations. Monitor state and federal laws and regulations to identify corporate obligations. Ensure effective and timely communication of compliance standards and procedures to all associates and stakeholders through security training programs and publications.
  • Oversee the work of the organization's information security program, including directing the implementation and administration of the company's information security function. Conduct an annual review of program strategies to identify risks and opportunities, gaps, and reasonable controls to be implemented.
  • Oversee development, maintenance, administration, and compliance with the company's information security program, including policies, standards, and procedures, as well as development of mechanisms to oversee the application of policies in coordination with the organization's senior leadership. Report to the Audit Committee regarding ongoing cyber security compliance activities and recommendations for improvements on a periodic basis.
  • Act as primary Information Security liaison to Blue Cross Blue Shield Association by participating in CISO workgroups and providing thought leadership. Oversee company's compliance with Security and Incident Response portions of the Association's Inter Plan Program Policies and Provisions.
  • Perform technical security analyses and evaluations of current and strategic platforms and applications to determine security weakness and recommend control measures. Work with internal areas to ensure compliance with security standards and guidelines and monitor implementation of appropriate controls, including implementation of data classification scheme and risk analysis methodology. Ensure that vulnerabilities and risks are efficiently mitigated.
  • Manage and oversee Information Security staff, including setting goals, evaluating and conducting performance reviews, and supporting employee development. Manage department budget.
  • Manage and maintain a vendor risk assessment program that ranks vendor relationships with respect to risk, evaluates vendor programs using generally recognized standards through questionnaires and/or on-site evaluation, and recommends appropriate action to business units regarding the use of vendors.
  • Oversee security investigations; identify, escalate, and remediate information assurance risks. Participate in reviews of audit reports. Coordinate with Privacy Office to ensure the organization achieves overall compliance with state and federal privacy laws.
  • Perform other duties as assigned.


Minimum Education and Experience

  • Bachelor's degree in Business Administration or related field; or equivalent combination of education and experience.
  • Ten or more years of information security experience.
  • Seven or more years of management experience or experience leading a team.

Preferred Education, Additional Qualifications and Experience

  • Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) designation.
  • Experience in the health insurance industry.

Required Knowledge, Skills, and/or Abilities

  • Strong knowledge of information security domains and industry best practices.
  • Knowledge of security rules and regulations.
  • Knowledge of audit requirements and procedures.
  • Ability to collaborate while dealing with complex situations.
  • Ability to think creatively and to drive innovation.
  • Ability to influence up and across the organization.
  • Ability to motivate, lead and inspire a diverse group to a common goal/solution with multiple stakeholders.
  • Ability to convert business strategy into action-oriented objectives and measurable results.
  • Ability to develop and manage a budget.
  • Strong negotiating, influencing, and consensus-building skills.
  • Ability to mentor, coach, and provide guidance to others.

At Blue Cross & Blue Shield of Rhode Island (BCBSRI), diversity and inclusion are central to our core values and strengthen our ability to meet the challenges of today's healthcare industry. BCBSRI is an equal opportunity, affirmative action employer. We provide equal opportunities without regard to race, color, religion, age, national origin or ancestry, disability, veteran status, sexual orientation, genetic information, sex, gender identity or expression, and any other personal attributes protected by federal, state, or local law. For more information about our commitment to diversity and inclusion, please see our Diversity Report at (please use the apply button below) .

The law requires an employer to post notices describing the Federal laws prohibiting job discrimination based on race, color, sex, national origin, religion, age, equal pay, disability, veteran status, sexual orientation, and genetic information and gender identity or expression. Please visit (please use the apply button below) to view the "EEO is the Law" poster.

BCBSRI is committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a disability, you need a reasonable accommodation for any part of our application process, please contact us at (see application details) for assistance.

During the application process, please allow a minimum of five business days before you contact our office to inquire about the status of your application. If you have any questions regarding your application or during the process, please contact Human Resources by phone at (see application details) or by email at (see application details) .
