Director of IT Security

Blue Shield of California

San Francisco

Job Description

Director of IT Security is accountable for proactively overseeing all ongoing activities related to the confidentiality, integrity and availability of sensitive BSC electronic data; as well as compliance with federal, state and local laws and BSC's electronic security policies regarding the handling of legal, financial, personal, health and other sensitive information in compliance with federal and state laws and BSC's electronic security practices.

The Director of IT Security must effectively create and/or coordinate the strategy, architecture and execution of information security plans in support of BSC's strategy and consistent with Security Policy developed by Internal Audit Services. This position reports into the head of infrastructure & Operations, with a dotted line accountability to the CIO. It will manage the staff and budget for IT Security, which operates within the Infrastructure and Operations Division of BSC's Information Technology Department. This position has the authority to address all IT security implications and concerns throughout the organization as described below; and legislative/regulatory directions must be monitored to anticipate the best use of resources and to modify priorities to meet the changing market.

Critical responsibilities for this role will include:

Development and implementation of a Security Strategy. A new high level architecture was drafted in 2008, and has been approved by the BSC Technology Committee. Development of a roadmap needs to be completed and maintained; and the annual and multi-year investment recommendations, prioritization and tradeoffs are the responsibility of this position.

Development and ownership of the Security Architecture which incorporates applications, data, network and operations. Participates in the Enterprise Architecture Review Board and BSC Technology Committee. Providing a security view of technical choices, and assessing operational impact and supportability of those choices.

Oversees the IT security operations function, including the security monitoring of IT systems under the corporation's control and delegates; leading security solutions implementations.

Threat & Vulnerability Management, including analysis, supports the security incident response team, penetration and vulnerability testing, malware and malicious code management, IP content monitoring, and data loss prevention.

Oversight of 3rd party security which includes vendor security program certification, and network access agreements.

Working with Internal Audit Services ensures compliance with policies, and development of specific IT policies if required. Ensures compliance and monitoring of all company services and systems to assure IT Security practices and policies are implemented.

Working with Legal, Internal Audit and the Privacy Office, assists in retrieving, monitoring and/or recording activities of individuals or groups who are involved in incidents that violate corporate polices, HIPAA requirements, and applicable laws.

Participating in monitoring of all trading partner and business associate agreements to ensure all IT security concerns, requirements, and responsibilities are addressed. Providing consultation to the Privacy office in this area.