The Chief Information Security Officer (CISO) will provide leadership, strategic direction and oversight for Wellmark’s information security and IT risk and compliance functions within the organization. With the customer experience in mind, she/he will establish and maintain an enterprise-wide information security program that protects all personally sensitive and protected data against internal and external threats. In partnership with the CIO, IT leadership, senior leaders and other key executives, the CISO will ensure that enterprise-wide information security strategy, planning and delivery align with the organization’s business and strategic objectives.

*This opening is being managed by a retained search firm - your application will be passed along to this firm for consideration.*

*Core Competencies:*

* Accountability: Owning and taking responsibility for one’s actions.
* Business Acumen: Understanding industry, market, financial and company-specific operations.
* Collaboration and Communication: Working together; listening to others’ ideas; communicating accurately and concisely.
* Decision Making: Considering all facts and impacts when making decisions.
* Focus on the Customer: Consistently doing what is in the best interest of our customer. Leaving a positive impression on the customer by elevating their experience; making it simpler and educating them to help them understand.

* Bachelor's degree (equivalent work experience may be considered)
* 10+ years of progressive information/cyber security experience - including expertise in all aspects of security disciplines: information security, cyber-risk and vulnerability assessments, threat analysis, threat modeling, security intelligence
* 7+ years of progressive information security management and/or risk management in the healthcare, financial services or related industry
* Prior formal leadership experience; complex, large teams preferred. Experience in change management with a demonstrated ability to leverage relationships to influence.
* Business savvy and effective strategic planning and analytical skills required.
* Master of business administration, master of science/engineering or similar technical area preferred
* Advanced security certifications (e.g., CISSP/CISM)

a. Strategy: Lead the overall management and strategic oversight of enterprise information security (EIS) and IT risk and compliance policies, principles, procedures and practices. Proactively interact with senior leaders to understand the business objectives and strategies. Provide the vision and leadership for the effective integration of the Enterprise Information Security program with other related processes in the organization responsible for building, implementing, and transforming information security.

b. Enterprise Leadership: Provide leadership for a team that supports Wellmark and divisional strategy and goals. Cascade and communicate strategy and initiatives to team members, ensuring a positive member/stakeholder experience, supporting achievement of divisional and overall company results.

c. Team Leadership: Provide leadership and day-to-day management of financial and human resources, primarily focusing on employee and leader coaching and mentoring, development, performance management and improvement, coordination and budgeting for staff, and department-specific functions/services. Ensure a succession plan is in place for key positions.

d. Build strong relationships and influence SLT to enhance engagement of their teams and strengthen enterprise information security programs and awareness in the business. Working collaboratively with key executives and divisional leadership, facilitate the process of translating Wellmark's corporate strategic information security vision into reality. Leveraging strong business acumen and technical credibility, foster support and understanding of the program, while ensuring compliance with related BCBSA, legal, regulatory, and professional standards and mandates.

e. Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services, and create maturity models and an information security road-map for continual program improvements.

f. Oversee the development and implementation of effective and reasonable policies and practices, compliance, and information protection to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation. Provide vision and leadership for developing and supporting security initiatives. Direct the planning and implementation of a response strategy and action plan for addressing any disruption related to the continuous operation of business, vulnerability issues, data breaches, and security incidents. This includes developing response plans, testing those plans, and leading the recovery efforts as required.

g. Lead the EIS team to support security incident management and investigations, ensuring appropriate communication, risk mitigation and analysis are performed and documented. Lead post-mortem discussions to determine and specify the explanation of the occurrence, the solution implemented and lessons learned. Provide leadership to the security incident response team to contain, investigate and work to prevent future information security breaches.

h. Strategically monitor worldwide security trends, threats, vulnerabilities and potential impacts to Wellmark's business, and communicate them to senior leadership. Stay current with emerging information security tools, techniques and technologies within a changing threat landscape for potential Wellmark applications. Build and nurture productive relationships within the security ecosystem to ensure comprehensive, best-in-class programs and responses to internal and external threats. Identify, assess, evaluate and recommend threat mitigation techniques and monitor risks from a strategic, financial, operational and external perspective.

i. Drive selection and use of security tools and technology to ensure that Wellmark's security processes are effective, cost-efficient and can be deployed and managed in a timely manner. Ensure the security management life-cycle is followed. Partner with Internal Audit stakeholders as needed to ensure expected controls are defined and consistently met.

j. Implement, manage, and enforce information security directives as mandated by HIPAA regulation. Ensure that Wellmark's access control, incident response, risk management, and encryption needs are properly addressed. Establish and maintain information security programs, including awareness and training, incident response and management, and relevant IT architecture.

k. Articulate the ongoing need for individual accountability for maintaining a secure enterprise. Ensure information security awareness and training initiatives are designed and implemented to educate the workforce about information risks and HIPAA security compliance. Oversee ongoing information risk assessments to ensure that information systems are adequately protected and meet HIPAA certification requirements.

l. Other duties as assigned.