Sr Principal Business Information Security Officer

Magellan Health

  • USA
  • $127,295 per year
  • Permanent
  • Full-time
  • 2 days ago
This is a 100% remote position that will lead cybersecurity compliance efforts, ensuring adherence to federal regulations and contracts. The ideal candidate brings deep experience in federal cybersecurity frameworks, stakeholder engagement, and information security leadership.

Responsibilities:
  • Lead GRC initiatives supporting federal contracts.
  • Ensure compliance with federal cybersecurity frameworks including NIST 800-53, NIST 800-171, and FAR/DFARS.
  • Lead CMMC certification and/or FedRAMP authorization.
  • Maintain organization information in the Supplier Risk Performance System (SPRS).
  • Develop and maintain System Security Plans (SSPs), POA&Ms, and Authority to Operate (ATO) packages as needed.
  • Conduct gap analyses and security control assessments to ensure continuous compliance and readiness for external assessments.
  • Support federal contractor information systems and ensure alignment with contract-specific security requirements.
  • Collaborate with program managers, technical teams, and external clients to implement security controls that mitigate risks.
  • Serve as a liaison with federal clients and third-party assessors.

Required Skills:
  • Experience leading an organization's achievement of FAR/DFARS and FedRAMP compliance.
  • Strong knowledge of NIST 800-53, NIST 800-171, FAR/DFARS, CMMC, and FedRAMP.
  • Strong communication and documentation skills, including briefing senior leadership and government stakeholders.
  • Ability to translate regulatory requirements into actionable security controls and program strategies.
  • Experience with the NIST 800-37 Risk Management Framework (RMF).
  • At least one of the following certifications: CISM, CISA, CISSP, CGRC, CCP, CCA.
  • Previous ISSO or BISO experience.
  • Experience with HIPAA, HITRUST, and SOC 2 compliance.

Promotes a positive security culture for the organization by protecting the confidentiality, integrity, and availability of data and assets while assisting the company to successfully meet its strategic goals. Leads the engineering, implementation, and maintenance of security processes and solutions throughout the enterprise according to policy and risk. This role will lead the design, development, and maintenance of the security environment and architecture to ensure the assets are protected. Serves as a champion to their team and other business units, promoting a secure organization through positive knowledge sharing, training, influence, and conduct. Serves as a senior member of the Information Security team, providing senior-level expertise from various IT disciplines with a focus on information security.

  • Leads efforts to ensure adequate security processes and solutions to mitigate or remediate identified risks sufficiently to meet business objectives and contractual and/or regulatory requirements.
  • Leads incident response activities, ensuring security incidents are properly contained, eradicated, and recovered from.
  • Drives development of security policies, standards, and plans to ensure the protection of corporate data against unauthorized use, access, modification, and destruction.
  • Ensures proper security logs are generated and sent to the organization's Security Information and Event Management (SIEM) system.
  • Researches and implements emerging technologies to enhance the security portfolio.
  • Persistently evaluates adherence to defined policies and standards.
  • Leads efforts to identify, remediate, and/or mitigate vulnerabilities in the environment, ensuring appropriate response to high-risk and aged findings.
  • Leads the development, design, implementation, and maintenance of a secure environment for Magellan Health.
  • Ensures Magellan security processes and solutions are protected against a failure or attack that would reduce the organization's ability to respond to security incidents.
  • Ensures Magellan processes and solutions are maintained securely and highly available to protect the confidentiality, integrity, and availability of assets.
  • Monitors and ensures system revisions and patches are up to date.
  • Manages and performs changes to the solutions and removes unnecessary services.
  • Understands risks and impact to systems in the corporate environment and their interconnectivity.
  • Builds cross-functional team unity by supporting other Magellan team members to understand security risks and impact to all corporate solutions.
  • Performs forensic analysis and risk assessments for the entire environment.
  • Designs and manages enterprise high-availability solutions running a complex arrangement of operating systems, including system updates, log analysis, access controls, and backup.
  • Performs changes to the solution configurations to add new services, adapt existing services, and remove unnecessary services.
  • Monitors, remediates, and mitigates security violations for networks, devices, servers, and other assets.
  • Designs, implements, and maintains security guidelines and a security infrastructure for Magellan Health.
  • Develops technical solutions to autonomously verify compliance with required technical controls.

The job duties listed above are representative and not intended to be all-inclusive of what may be expected of an employee assigned to this job. A leader may assign additional or other duties which would align with the intent of this job, without revision to the job description.

Other Job Requirements:
  • 12+ years of IT experience required.
  • Minimum of 10 years of experience in Information Security.
  • May substitute 2 or more relevant certifications for a year of experience.
  • Demonstrated knowledge and experience in each of the following information security principles: risk assessment and management, threat and vulnerability management, incident response, and identity & access management.
  • Understanding of network protocols and packet analysis tools such as TCPDUMP and Wireshark.
  • Knowledge of and experience with security-related systems and applications: firewalls, load balancers, intrusion detection/prevention, and web content filtering.
  • Familiarity with information security publications (e.g., NIST 800-53), incident response, problem resolution, vulnerability remediation, computer forensic techniques and eDiscovery, reviewing automated security test results, and network and host-based firewalls.
  • Ability to work with multi-discipline teams and cross-functional management.
  • Excellent verbal and written communication skills with the ability to collaborate effectively with other groups.
  • Able to effectively manage evolving and competing objectives.
  • Mastery of the use of information security tools and techniques.
  • Strong leadership, communication, and negotiation skills.
  • Results driven with a bias for action.

General Job Information:
  • Title: Sr Principal Business Information Security Officer
  • Grade: 32
  • Work Experience - Required: Information Security, IT
  • Work Experience - Preferred:
  • Education - Required:
  • Education - Preferred: Bachelor's - Information Security
  • License and Certifications - Required:
  • License and Certifications - Preferred: CEH - Certified Ethical Hacker - Enterprise; CISSP - Certified Information Systems Security Professional - Enterprise; GISP - GIAC Information Security Professional - Enterprise; GSEC - SANS GIAC Security Essentials - Enterprise; Network+ - Enterprise; Security+ - Enterprise

Salary Range:
  • Salary Minimum: $127,295
  • Salary Maximum: $229,105

This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law.

This position may be eligible for short-term incentives as well as a comprehensive benefits package. Magellan offers a broad range of health, life, voluntary and other benefits and perks that enhance your physical, mental, emotional and financial wellbeing.

Magellan Health, Inc. is proud to be an Equal Opportunity Employer and a Tobacco-free workplace. EOE/M/F/Vet/Disabled.
Every employee must understand, comply with and attest to the security responsibilities and security controls unique to their position; and comply with all applicable legal, regulatory, and contractual requirements and internal policies and procedures.