Harvard Pilgrim
Manager, Cyber and Information Security - Threat Management
Harvard Pilgrim, Bridgeport, Connecticut, 06610
"Who We ArePoint32Health is a leading health and wellbeing organization, delivering an ever-better personalized health care experience to everyone in our communities. At Point32Health, we are building on the quality, nonprofit heritage of our founding organizations, Tufts Health Plan and Harvard Pilgrim Health Care, where we leverage our experience and expertise to help people find their version of healthier living through a broad range of health plans and tools that make navigating health and wellbeing easier.We enjoy the important work we do every day in service to our members, partners, colleagues and communities. To learn more about who we are at Point32Health, click here.Job SummaryThe Manager, Threat Management, will report into the Director, Cyber and Information Security. The role is responsible for leading a team of cyber/information security staff responsible for developing and implementing strategies and practices to prevent cyber attacks (threat prevention) and/or detecting and responding to suspicious activities and security events (threat detection and response).Examples of responsibilities led or heavily influenced by this role include: Threat intelligence feeds/awareness/escalations Continuous monitoring, escalation, and response of suspicious activities Threat Hunting / IOCs Vulnerability management requirements, zero-day threat/exploit protocols data loss protection Continuous assessment, configuration, customization of SIEM, alerts Internal investigations, forensics, eDiscovery Logging requirements for technical assets Security Ops Center/MSSP/MDR Lead tabletop and simulation exercises After-action facilitation and action/remediation oversight Development and implementation of incident procedures/playbooks Lead the organization's Insider Risk (Threat) Working GroupKey Responsibilities/Duties - what you will be doingManage staff including supervision, assigning work, professional development, performance evaluation, recruitment, and coaching/mentoring,Provide coaching, constructive feedback and direction to staff to ensure successful achievement of projects and initiativesMonitor staff workloads to assist in resource allocation and ensure deliverable dates are metDevelop procedures and guidelines to support consistent delivery of servicesConsult with other Cyber and Information Security colleagues to continuously evaluate and implement security solutionsCommunicate potential security concerns/exposures to appropriate leadershipCoordinate and collaborate with business organizations and other IT groups to ensure quality solutions are delivered within project timelinesEngage in ongoing communications with peers in the IT groups as well as the various business groups to ensure enterprise wide understanding of security goals, to solicit feedback and to foster cooperation.Maintain up-to-date knowledge of the cyber and information security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors.Oversee the deployment, integration and configuration of all new security solutions and of any enhancements to existing security solutions in accordance with industry-leading practices generically and the enterprises security documents specifically.Ensures adequate and effective technical and non-technical controls exist to meet current and future security compliance requirements found in local, state, and federal laws and regulationsIdentify/recommend tools, processes, software, and hardware to improve or replace current security infrastructure practices, services, or technologies to meet future requirements.Other duties and projects as assigned.Qualifications - what you need to perform the jobEDUCATION, CERTIFICATION AND LICENSURE: Bachelors degree in Cyber Security, Computer Science, Risk Management, or related field preferred or equivalent experienceEXPERIENCE (minimum years required):5-7 years experience in cyber security initi tives which may include some or a combination of roles in IT Security, cyber security, risk, compliance, audit, threat detection, data privacy, etc.Experience managing a team and/or coaching team membersExperience developing policies/procedures for security processesSKILL REQUIREMENTS: Ability to lead a team including mentoring, coaching, and motivating, providing an opportunity to learn and grow at Point32HealthProven track record of successfully managing projects, with a particular emphasis on handling complex assignmentsDemonstrated history of achieving customer satisfaction by effectively managing both internal and external stakeholdersStrong relationship building skills; Must be able to work collaboratively and cooperatively as a team member and as a people managerAbility to influence peers and business stakeholdersAbility to effectively lead discussions and initiatives associated with Cyber and Information Security and to actively participate in technical discussions.WORKING CONDITIONS AND ADDITIONAL REQUIREMENTS (include special requirements, e.g., lifting, travel):Must be able to work under normal office conditions and work from home as required.Work may require simultaneous use of a telephone/headset and PC/keyboard and sitting for extended durations.May be required to work additional hours beyond standard work schedule. The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Management retains the discretion to add to or change the duties of the position at any time.Compensation and Total Rewards OverviewAs part of our comprehensive total rewards program, colleagues are also eligible for variable pay. Eligibility for any bonus, commission, benefits, or any other form of compensation and benefits remains in the Company's sole discretion and may be modified at the Companys sole discretion, consistent with the law.Point32Health offers their Colleagues a competitive and comprehensive total rewards package which currently includes:Medical, dental and vision coverageRetirement plansPaid time offEmployer-paid life and disability insurance with additional buy-up coverage optionsTuition programWell-being benefitsFull suite of benefits to support career development, individual and family health, and financial healthFor more details on our total rewards programs, visit https://www.point32health.org/careers/benefits/Commitment to Diversity, Equity, Inclusion, Accessibility (DEIA) and Health EquityPoint32Health is committed to making diversity, equity, inclusion, accessibility and health equity part of everything we dofrom product design to the workforce driving that innovation. Our Diversity, Equity, Inclusion, Accessibility (DEIA) and Health Equity team's strategy is deeply connected to our core values and will evolve as the changing nature of work shifts. Programming, events, and an inclusion infrastructure play a role in how we spread cultural awareness, train people leaders on engaging with their teams and provide parameters on how to recruit and retain talented and dynamic talent. We welcome all applicants and qualified individuals, who will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.Scam Alert: Point32Health has recently become aware of job posting scams where unauthorized individuals posing as Point32Health recruiters have placed job advertisements and reached out to potential candidates. These advertisements or individuals may ask the applicant to make a payment. Point32Health would never ask an applicant to make a payment related to a job application or job offer, or to pay for workplace equipment. If you have any concerns about