- Interpreting and applying information security policies and implementing standards
- Experience implementing and assessing security controls
- Ability to develop POAMs, identify findings/shortcomings and drive gap remediations
- Work with Information Technology stakeholders to implement security
- Knowledge of incident response process and activities
- Experience with remediating vulnerabilities and performing oversight
- Experience with interpreting and conveying meaningful security metrics and reporting
- Communication and presentation skills
- Experience with new process creation
- CISSP, CISM and/or CISA preferred
Promotes a positive security culture for the organization by protecting the confidentiality, integrity, and availability of data and assets while assisting the company to successfully meet its strategic goals. Leads the engineering, implementation, and maintenance of security processes and solutions throughout the enterprise according to policy and risk. This role will lead the design, development, and maintenance of the security environment and architecture to ensure the assets are protected. Be a champion to their team and other business units to promote a secure organization through positive knowledge sharing, training, influences, and conduct. Serve as a senior member of the Information Security team providing senior level expertise from various IT disciplines with focus in information security.
Leads efforts to ensure adequate security processes and solutions to mitigate or remediate identified risks sufficiently to meet business objectives, contractual and/or regulatory requirements.
Leads incident response activities, ensuring security incidents are properly contained, eradicated, and recovered.
Drives development of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification and destruction.
Ensures proper security logs are generated and sent to the organization’s Security Information and Event Management (SIEM) system.
Researches and implements emerging technologies to enhance the security portfolio.
Persistently evaluates adherence with defined policies and standards.
Leads efforts with identifying, remediating, and/or mitigating vulnerabilities in the environment, ensuring appropriate response to high risk and aged findings.
Leads the development, design, implementation, and maintenance of a secure environment for Magellan Health.
Ensures Magellan security processes and solutions are protected against a failure or attack that reduces the organization’s ability to respond to security incidents.
Ensures Magellan processes and solutions are maintained securely and highly available to protect the confidentiality, integrity and availability of assets
Monitors and ensures systems revisions and patches are up to date.
Manages and performs changes to the solutions and remove unnecessary services.
Understands risks and impact to systems in the corporate environment and their interconnectivity
Builds cross function team unity by supporting other Magellan team members to understand security risks and impact to all corporate solutions
Performs forensic analysis and risk assessments for the entire environment.
Designs and manages enterprise high-availability solutions running a complex arrangement of operating systems, including system updates, log analysis, access controls and backup.
Performs changes to the solution configurations to add new services, adapt existing services, and removes unnecessary services.
Monitors, remediates and mitigates security violations for network, devices, servers and other assets
Designs, implements and maintains security guidelines and a security infrastructure for Magellan Health.
Develops technical solutions to autonomously verify compliance with required technical controls.
Other Job Requirements
7+ years of IT experience required.
Minimum of 5 years of experience in Information Security.
May substitute 2 or more relevant certifications for a year of experience.
Demonstrated knowledge and experience in each of the following information security principles: risk assessment and management, threat and vulnerability management, incident response, and identity & access management.
Understand network protocols and packet analysis tools such as TCPDUMP and Wireshark.
Knowledge of and experience with security-related systems and applications, firewalls, load balancers, intrusion detection/prevention, and web content filtering.
Familiarity with information security publications (e.g., NIST 800-53), incident response, problem resolution, vulnerability remediation, computer forensic techniques and eDiscovery, reviewing automated security test results, and network and host-based firewalls.
Ability to work with multi-discipline teams and cross-functional management.
Excellent verbal and written communication skills with the ability to collaborate effectively with other groups.
Able to effectively manage evolving and competing objectives.
Possesses a mastery of the use of information security tools and techniques.
Has strong leadership, communication, and negotiation skills.
Results driven with a bias for action.
General Job Information
Lead Business Information Security Officer
Work Experience – Required
Information Security, IT
Work Experience – Preferred
Education – Required
Education – Preferred
Bachelors – Computer and Information Science
License and Certifications – Required
License and Certifications – Preferred
CEH-Certified Ethical Hacker – Enterprise, CISSP – Certified Information Systems Security Professional – Enterprise, GISP-GIAC Information Security Professional – Enterprise, GSEC-SANS GIAC Security Essentials – Enterprise, Network+ – Enterprise, Security+ – Enterprise
Magellan Health, Inc. is proud to be an Equal Opportunity Employer and a Tobacco-free workplace. EOE/M/F/Vet/Disabled.
Every employee must understand, comply with and attest to the security responsibilities and security controls unique to their position; and comply with all applicable legal, regulatory, and contractual requirements and internal policies and procedures.