Director, Identity Access Management and Cyber Security Risk Management

Employment Type: Full-time

Exempt or Non-Exempt: Exempt

Job Summary

The Director of IAM (Identity Access Management) and Cyber Security Risk Management is responsible for managing HMSA's IAM and Cyber Security Risk Management function. This position leads a cross-functional team of IAM and Cyber Security Risk Management specialists in support of the HMSA's business and Cyber Security strategy.

Minimum Qualifications

• Bachelor's degree and five years of relevant IT experience; or an equivalent combination of education (including industry certifications) and relevant work experience.
• Three years of supervisory/management experience.
• Strong written and verbal communications skills.
• Strong customer service skills.
• Strong process and project management skills.
• Intermediate working knowledge of Microsoft Office applications, including but not limited to Word, Excel, Outlook, and PowerPoint.
• Strong knowledge of operating systems, architecture, and various software and hardware products.
• Good technical and troubleshooting skills.
• Intermediate understanding and implementation capability of security best practices and technology and demonstrate proficiency in the application of established information security practices.

Duties and Responsibilities

• IAM and Cyber Security Risk Management:
  • Oversees and manages HMSA's IAM and Cyber Risk Management program leveraging IAM and IT Risk management best practices, industry standards, and frameworks.
  • Create and maintain the IAM and Cyber Risk roadmap in accordance with the CISO's strategy.
  • Ensure all necessary policies and procedures are in place to align with compliance requirements and the NIST framework.
  • Develop Key Performance Indicators and SLAs for IAM and Cyber Risk Management programs; communicate these metrics with other leaders.
  • Ensure the cyber risk management team supports Enterprise IT Audits; collaborate with Internal Audit on all Cyber Security Risk-related activities; act as the main point of contact for Cyber Security Risk.
  • Effectively leverage HMSA Cyber Security vendors to align with HMSA's IAM and Cyber Security Risk Management strategy.
  • Ensure IAM and Cyber Risk Management related projects are completed within scope, timelines, and budget.
  • Manage third-party cyber risk management. Ensure policies and procedures are created and followed. Track Corrective Action Planning. Ensure activities align with NIST requirements.
  • Provide oversight of user and system identities, and access to data and systems throughout the HMSA enterprise. This position leads the implementation and management of IAM best practices and identity governance for in-house, vendor, and hosted solutions.
• Cyber Security Training and Awareness:
  • Create and maintain policies related to Cyber Security.
  • Prepare content and conduct training related to Cyber Security.
  • Conduct phishing exercises/campaigns and training related to phishing risks.
  • Work with other teams such as privacy on training initiatives.
• Personnel Management:
  • Provide leadership, manage, and coach cybersecurity unit staff in overall Information Security Program management. Provide management support including personnel, budget, and other administrative responsibilities (i.e., mentoring, performance management, career planning and counseling, etc.).
  • Manage budget to ensure the organization's cyber security program is conducted in a cost-conscious and financially responsible manner.
• Perform all other miscellaneous responsibilities and duties as assigned or directed.