The Team Leader, Information Security will provide day-to-day leadership for the Information Security Architect team. This role drives accountability on the team and is responsible for organizing team members’ responsibilities and duties and aligning them with department goals. The Team Leader, Information Security is responsible for the direct management of programs and people utilized to enhance the BCBSNC security program. Additionally, the Team Leader, Information Security is a senior security staff member primarily responsible for researching, evaluating, recommending, and validating security systems designs and security controls that deliver on accepted security best practices, regulatory compliance and documented policy. The role partners with all areas of business and information technology to drive security requirements and deliver on security objectives within product development, business process design, IT and business operations development, software development, and their respective life-cycles.
Manage day-to-day business area activities; provide leadership and direction to team and set team goals and expectations.
Provide coaching, development feedback, and training to team.
Develop and oversee the implementation of programs designed to enhance BCBSNC’s Security Program.
Lead incident response and technical investigations.
Perform forensic investigations as required by HR, Ethics, and Legal.
Conduct risk assessments, evaluate alternative strategies, develop recommendations and ensure responsive communication with business representatives, security management, and third party vendors.
Provide application and data security solutions to business units and project teams.
Provide information security-focused solutions for business units that enhance their ability to do business in a secure manner.
Communicate unresolved security exposures as well as misuse or noncompliance situations to management.
Analyze application security needs based on the sensitivity or proprietary nature of the data, and ensure that all systems are utilized for management-approved purposes only.
Provide technical expertise and guide the administration of security tools that control and monitor information security, and ensure Data Loss Prevention, Role Based Access Controls, and Identity Management.
Assist management in defining and setting appropriate, implementable policy.
Assist in the development, maintenance, and publishing of all corporate-level information security standards, procedures, and guidelines, including compliance monitoring procedures; assist in resolving security policy issues and implementing security procedures.
Research, evaluate, recommend, plan implementation of, and test new or improved information security software or devices.
Analyze new or enhanced software application or tool implementations for impacts to existing security software and devices.
Participate in investigations of suspected information security issues or in compliance reviews as requested by auditors.
Perform eDiscovery for Legal Department.
Develop and deliver security guidance and training to technical staff members.
Perform security program presentations, both internally and externally, as needed.
Serve as an expert security resource to the company at large; provide security consultative support as required.
7 years of Information Systems experience, including 5 years of experience in the IS Security Field
If no degree, 10 years of IS experience with 5 in the IS Security Field
Experience with incident response and/or security operations required
Experience leading a team of technical professionals
CISSP (or obtain within 1 year)
Additional Critical Skills & Knowledge Needed for Job
Experience successfully developing and implementing new technology as well as solid project management experience in a cross-functional environment
Familiarity with audit and risk-related frameworks, such as COBIT
Information security professional with demonstrated skills in translating business requirements to technical solutions and services
Expertise in determining controls and identifying mitigation strategies that meet business and technical requirements
Significant expertise or specialization in another IS related discipline (e.g. Network Engineering, Database Administration, Application Development, Systems Administration, etc.)
Strong analytical and problem-solving skills
Ability to provide appropriate direction to other IT groups on security matters
Strong team-oriented interpersonal and communication skills with the ability to effectively interface with a wide variety of people
Excellent written and verbal communication skills
Demonstrated commitment to continuous process improvement
GIAC, ISACA, CISA, or other security / audit / field related certifications preferred