Manages the Information Security team. Leads the development and maintenance of Corporate Security Policies for WellCare to ensure compliance with regulatory and contractual obligations, including HIPAA. Participates in the planning and implementation of IT systems, business operations and projects, and facility defenses against breach and vulnerability issues. Manages the team responsible for technical vulnerability management system baseline scanning, internal and external risk assessments, security investigations, eDiscovery, forensics, security awareness, security training, and other information security related oversight. Audits existing systems, while directing the administration of security policies, activities, and standards. Serves as the process owner for all ongoing activities that provide appropriate access to and protect the confidentiality and integrity of patient, provider, employee, and business information in compliance with organization policies and standards. Creates new procedures and reviews existing procedures to ensure that information is handled in an appropriate manner and meets all legislative requirements, such as those set forth by the HIPAA security and privacy standards and Sarbanes
DEPARTMENT: Information Security
REPORTS TO: Senior Manager of Information Security
- Serves as an internal information security consultant to the organization, advising on the allocation of information security responsibilities, as well as the security aspects and design of WellCare systems.
- Oversees the documentation and implementation of security policies and procedures in consultation with the Chief Compliance Officer and IT leadership.
- Leads security oversight for compliance with Information Security policies and procedures, referring problems to the appropriate department manager, data owner, HR, legal, IT or other as necessary.
- Directs training and oversight to all employees, contractors, and other third parties with information security clearance on the information security policies and procedures, including ongoing security awareness activities as mandated by the HIPAA Security regulations.
- Leads information security risk assessments, and works with internal auditors and IT to ensure compliance.
- Serves as the security liaison to IT administrative systems as they integrate with their data users. Identifies and tests controls, suggesting additional controls where appropriate in order to maintain confidentiality, integrity and availability of sensitive data.
- Reviews all system-related security planning throughout the network and acts as a liaison to the Information Technology department.
- Advises the organization with current information about information security technologies and issues. Advises on the control and monitoring of software security controls to effectively safeguard sensitive information.
- Monitors the access control systems to assure appropriate access levels are maintained.
- Assists in preparation of the IT and Corporate disaster recovery plans.
- Advises and assists with WellCare internal and external investigations, coordinating with HR, Legal and outside counsel as appropriate. Serves as central contact point for confidential investigation data requests.
- Supports and monitors formal procedures for reporting and handling of information security incidents and investigations, coordinating with HR, Legal and external state and federal regulatory bodies on an as-needed basis.
- Develops and monitors the WellCare Physical Facility Security plan, policies and standards, in coordination with Facilities and IT.
- Performs other duties as assigned.
- Required A Bachelor's Degree in Computer Science, MIS or equivalent combination of education and experience.
- Required 5 years of experience in Information Security.
- Required 8 years of experience in Information Systems.
- Required 2 years of experience in a leadership role supporting multiple team members.
- Required Other Knowledge and experience in administration of security standards relating to Information Technology.
- Preferred Other Knowledge and experience of various IT and security standards (CobiT, HITRUST, NIST)
- Required Other IT Security experience in a public company.
Licenses and Certifications:
- Intermediate Ability to analyze information and convert related activities into a comprehensive work plan
- Advanced Ability to lead/manage others in a matrixed environment
- Advanced Demonstrated project management skills
- Advanced Ability to work as part of a team. Ability to understand and work closely with other departments, teams and employees.
- Advanced Other Skill in leading corporate security initiatives including access policies, encryption, disaster recovery, and business continuity plans.
- Advanced Other Ability to interact directly with executive leadership, presenting key information security information in an understandable format appropriate to the audience at hand.
- Advanced Other Knowledge of HIPAA (Security, Privacy and Breach reporting requirements) and Sarbanes-Oxley legislation as it pertains to information security.
A license in one of the following is required:
- Preferred Certified Information Systems Security Professional (CISSP) and/or CISM professional designations
- Required Other CISM, CEH or other security certification