AVP, Technology and CyberSecurity Risk

Key Responsibilities include, but are not limited to:

• Serve as a senior risk leader, engaging with executives across the company to drive effective risk dialogues and outcomes
• Direct the development of risk management programs, including managing the risk framework, performing control testing and risk assessments, and maintaining governance processes (e.g., policies standards, exceptions and risk acceptance processes)
• Drive effective strategic conversations about the value tradeoffs across critical remediation priorities, to ensure issues are remediated proactively following a risk-based approach
• Ensure effective testing of existing controls to identify gaps in operating effectiveness before they become incidents or compliance issues
• Collaborate with teams to ensure engagements with key internal, regulatory and industry groups to ensure audit responses are timely and effective
• Lead an effective, efficient, and predictable risk assessment process, to proactively identify, characterize, and drive remediation of important technology and cybersecurity issues
• Engage with senior leaders and peers to ensure risk and compliance issues are effectively identified, prioritized, and remediated
• Ensure compliance with relevant laws, regulations (e.g., HHS, SEC, state agencies), and industry standards (e.g., PCI, HITRUST) across Humana
• Effectively maintain key risk governance functions, including the risk framework, risk acceptance and exceptions processes, policies and standards, and governance forums
• Build and maintain a highly effective team of risk and compliance professionals, focused on delivery high-value risk outcomes that improve the companies’ security, resiliency, and compliance posture
• Communicate team priorities effectively both within the team and across Humana, to ensure alignment on intended outcomes and a strong risk management culture
• Ensure associates receive ongoing training necessary to maintain a high level of skill across multiple technical and programmatic domains

Required Qualifications

• Bachelor’s degree, preferably in a technology or related field
• 10 or more years of experience managing major, complex technology or risk programs
• Deep experience in operating risk and compliance standards, including PCI, HIPAA, and HITRUST, and enterprise risk management practices
• Ability to develop and manage against metrics that ensure key projects add clear value
• Excellent leadership skills including a proven track record of leading and growing large teams and managing technology and cybersecurity risk issues
• Keen ability to distill complex risk information for presentation to senior executives
• Technical knowledge of cybersecurity, cloud technologies, information technology operations, resiliency practices, and data privacy
• Ability to work in a dynamically changing environment and leading people through modernization from traditional assessments to focus on data analytics
• Ability to influence a wide variety of senior executives in enterprise wide groups
• Experience interpreting data extracted from advanced analytics (e.g. use of data visualization and reporting)
• Expert judgement and a capacity to deliver organizational change through effective risk leadership

Desired Qualifications

• Master’s Degree in Computer Science, Information Technology, Information Security, or a related field
• Industry Certifications: CISA, CISSP, HCISPP, CCSP, CISM, CTPRP, etc.
• Healthcare or financial sector experience

Additional Information

• Location: This position can be located anywhere within the lower 48 states.
• Requires 10-15% travel as business needs dictate
• Work-At-Home Requirements: To ensure Home or Hybrid Home/Office associates’ ability to work effectively, the self-provided internet service of Home or Hybrid Home/Office associates must meet the following criteria: At minimum, a download speed of 25 Mbps and an upload speed of 10 Mbps is recommended; wireless, wired cable or DSL connection is suggested; Satellite, cellular and microwave connection can be used only if approved by leadership; Associates who live and work from Home in the state of California, Illinois, Montana, or South Dakota will be provided a bi-weekly payment for their internet expense; Humana will provide Home or Hybrid Home/Office associates with telephone equipment appropriate to meet the business requirements for their position/job; Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information.