Job Description
Description: Creates and communicates strategic direction for defense-in-depth security posture for affiliates and joint ventures. Manages an organization responsible for the creation and/or implementation of information security policies, programs, and procedures to cost-effectively and efficiently protect information and information systems assets from intentional or inadvertent modification; disclosure or destruction; unauthorized access; reduced, interrupted or terminated processing capability; malicious logic or virus activity; or loss, theft, damage or destruction of any IT resources.
64598
Fundamental Components: Responsible for security strategies utilizing industry security standards, normative comparisons with industry peers, best practice research and Aetna-specific business and technology requirements. Maintains currency with government and regulatory affairs, interpreting legislation in a security context to ensure company compliance (e.g. HIPAA, GLBA, SOX). Designs, implements and deploys information security policies, procedures and guidelines. Continually evaluates processes to ensure compliance with the regulatory environment as well as internal controls validation. Supervises managers, supervisors or team leads or may direct the work of highly skilled technical specialists. Has the authority to hire new staff and terminate existing staff through appropriate corporate process. Responsible for pay administration and semi-annual appraisal process.
Has responsibility for unique roles such as security crisis event management, supporting business resiliency efforts, and understanding physical and cybersecurity technologies.
Responsible for developing, maintaining, publishing and/or enforcing information security standards and guidelines encompassing data, and intellectual security. Provides reports to Management regarding the effectiveness of network and data security and makes recommendations for the adoption of new procedures and technologies, as required. Based on organization's recommendations, approves the purchase and manages deployment for the adoption of new procedures and technologies as required. Provides confidence and leadership to project teams in cross-functional environments and efforts.
Monitors changes in legislation and accreditation standards that affect information security. Monitors internal control systems to ensure that appropriate information access levels and security clearances are maintained. Establishes meaningful metrics on key critical infrastructure components of information security and monitors these to ensure the confidentiality, integrity and availability of information and processes. Ensures awareness of organization's information security policies and procedures among employees, contractors, alliances and other third parties. Initiates, facilitates, and promotes activities to foster information security awareness within the organization. Actively promotes awareness and education through management presentations, staff meetings, collaboration with other departments and road shows. Provides direct information security training to all employees, contractors, alliances, and other third parties. Works directly with regulatory PMOs, the legal department, compliance office and regional privacy and security managers to coordinate internal and external audits and follow up with implementation, based on audit recommendations. Serves as an internal information security consultant to the organization. Monitors advancements in information security technologies. Communicates unresolved information security exposures, misuse, or non-compliance situations to senior management. Participates in the activities of the Information Security Committee, responsible for the organization's information security program. Manages the daily work flow within all or part of the group organization.
Background Experience:
* Experience leading teams in support of security efforts.
* Experience managing, leading and providing supporting evidence for audit activities (SOC 2, NYDFS, ISO2001 as examples)
* Experience with customer focused engagements
* Experience identifying security risks and driving remediation efforts to conclusion.
Additional Job Information: Required Skills: General Business - Communicating for Impact, General Business - Maximizing Work Practices, General Business - Turning Data into Information
Desired Skills: Technology - Creating Technology Partnerships, Technology - Leveraging Technology, Technology - Selecting and Applying Technology Solutions
Functional Skills: General Management - Multi-functional management: < 25 employees, Information Technology - Security
Technology Experience: Security - Active Directory, Security - Sudo (Unix root control), System Management - Information Security Management
Education: Information Management - Certified Information Security Manager (CISM), Information Management - Certified Information Systems Security Professional (CISSP) - sponsored by International Information Systems Security Certification Consortium, Information Technology - Certified in Risk and Information Systems Control certification (CRISC)
Potential Telework Position: Yes
Percent of Travel Required: 10 - 25%
EEO Statement: Aetna is an Equal Opportunity, Affirmative Action Employer
Benefit Eligibility: Benefit eligibility may vary by position.
Candidate Privacy Information: Aetna takes our candidates' data privacy seriously. At no time will any Aetna recruiter or employee request any financial or personal information (Social Security Number, credit card information for direct deposit, etc.) from you via e-mail. Any requests for information will be discussed prior and will be conducted through a secure website provided by the recruiter. Should you be asked for such information, please notify us immediately.