Position Summary:
We are seeking an experienced and dynamic Information Security Manager to establish and lead an Information Security Team. This role will serve as a trusted advisor, operational leader, and key liaison, ensuring alignment across cybersecurity initiatives, business priorities, and executive objectives.
The successful candidate will ensure seamless coordination of security functions while fostering a culture of collaboration and accountability. This role requires a strategic thinker with strong leadership skills, a deep understanding of information security best practices, and the ability to drive organizational alignment on security initiatives.
Key Accountabilities:
- Strategic Planning & Execution: Partner with the CISO and Director of Cybersecurity Engineering to define and execute the cybersecurity strategy, aligning with broader business objectives. Drive strategic initiatives, ensure progress against key priorities, and track measurable outcomes. Facilitate decision-making processes by providing data-driven insights and strategic recommendations.
- Operational Excellence: Identify and integrate security functions across the organization to create a cohesive and efficient security strategy. Act as a central point of contact for cross-functional teams to align on security priorities, policies, and processes.
- Enhance Security Posture: Collaborate with stakeholders to identify gaps in the organization's security posture and develop actionable plans to address them. Drive initiatives to enhance the company's ability to protect its assets, data, systems, and reputation.
- Enable Business Operations: Partner with business leaders to ensure that security measures align with business goals while minimizing disruption to operations. Advocate for security as a business enabler by demonstrating how robust practices can support growth and innovation.
- Stakeholder Engagement: Build strong relationships with key stakeholders across departments, including ET, Legal, Compliance, Risk Management, HR, and Operations. Facilitate regular meetings with stakeholders to discuss progress on security initiatives and gather feedback for continuous improvement.
- Develop Holistic Security Strategies: Create a unified information security strategy that reflects industry standards while addressing the unique needs of the organization. Ensure security efforts are aligned so that they protect the organization effectively.
- Measure Success: Define key performance indicators (KPIs) to measure the effectiveness of the security program and other initiatives. Provide regular reporting on program performance, risk reduction efforts, and overall improvements in security posture.
Key Competencies:
- Technically competent, with a deep understanding of standard information security and security operations processes and challenges.
- Experience with standard enterprise class tools, processes, and compliance activities.
- Adaptability & Growth: Adapts leadership work style to fit environment needs; develops and demonstrates understanding of the BCBSMA environment; capable of working with others to follow through on cross-functional tasks.
- Analyzing Needs & Proposing Solutions: Owns problems and solutions as a creative problem solver; considers implications of solutions in the cultural and organizational context.
- Fostering Teamwork & Collaboration: Seeks and develops suggestions from others, drives partnerships, uses influencing techniques, and builds trust.
- Effective Communication: Provides concise messages tailored to audiences, influences, negotiates, and advocates effectively.
- Acting with Urgency: Takes proactive actions, provides leadership, and adjusts plans as needed.
- Leadership Responsibilities: Collaborates cross-functionally to meet goals, influences decisions, supports initiatives, and champions process improvements.
Background and Experience:
- BS in Technology or Computer Science (Master's preferred) with 5+ years of experience.
- CISSP certification preferred.
- Experience managing security engineering or operations teams in large enterprises.
- Management experience with senior technologists and engineers.
- Operational experience with enterprise SIEM and vulnerability tools.
- Familiarity with risk management, vulnerability management, incident response, and compliance (HIPAA, etc.).
- Strong problem-solving skills and a passion for security culture.