Description
This is a 100% remote position that will lead cybersecurity compliance efforts ensuring adherence to federal regulations and contracts. The ideal candidate brings deep experience in federal cybersecurity frameworks, stakeholder engagement, and information security leadership.Responsibilities:
- Lead GRC initiatives supporting federal contracts.
- Ensure compliance with federal cybersecurity frameworks including NIST 800-53, NIST 800-171, FAR/DFARS.
- Lead CMMC certification and/or FedRAMP authorization.
- Maintain organization information in the Supplier Risk Performance System (SPRS)
- Develop and maintain System Security Plans (SSPs), POA&Ms, and Authority to Operate (ATO) packages as needed.
- Conduct gap analyses security control assessments to ensure continuous compliance and readiness for external assessments.
- Support federal contractor information systems and ensure alignment with contract-specific security requirements.
- Collaborate with program managers, technical teams, and external clients to implement security controls to mitigate risks.
- Serve as a liaison with federal clients and third-party assessors.
- Experience leading an organization's achievement of FAR/DFARS and FedRAMP compliance.
- Strong knowledge of NIST 800-53, NIST 800-171, FAR/DFARS, CMMC, and FedRAMP.
- Strong communication and documentation skills, including briefing senior leadership and government stakeholders.
- Ability to translate regulatory requirements into actionable security controls and program strategies.
- Experience with NIST 800-37 Risk Management Framework (RMF).
- Possess at least one of the following certifications: CISM, CISA, CISSP, CGRC, CCP, CCA.
- Previous ISSO or BISO experience.
- Experience with HIPAA, HITRUST, and SOC 2 compliance.
Promotes a positive security culture for the organization by protecting the confidentiality, integrity, and availability of data and assets while assisting the company to successfully meet its strategic goals. Leads the engineering, implementation, and maintenance of security processes and solutions throughout the enterprise according to policy and risk. This role will lead the design, development, and maintenance of the security environment and architecture to ensure the assets are protected. Be a champion to their team and other business units to promote a secure organization through positive knowledge sharing, training, influences, and conduct. Serve as a senior member of the Information Security team providing senior level expertise from various IT disciplines with focus in information security.
- Leads efforts to ensure adequate security processes and solutions to mitigate or remediate identified risks sufficiently to meet business objectives, contractual and/or regulatory requirements.
- Leads incident response activities, ensuring security incidents are properly contained, eradicated, and recovered.
- Drives development of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification and destruction.
- Ensures proper security logs are generated and sent to the organization's Security Information and Event Management (SIEM) system.
- Researches and implements emerging technologies to enhance the security portfolio.
- Persistently evaluates adherence with defined policies and standards.
- Leads efforts with identifying, remediating, and/or mitigating vulnerabilities in the environment, ensuring appropriate response to high risk and aged findings.
- Leads the development, design, implementation, and maintenance of a secure environment for Magellan Health.
- Ensures Magellan security processes and solutions are protected against a failure or attack that reduces the organization's ability to respond to security incidents.
- Ensures Magellan processes and solutions are maintained securely and highly available to protect the confidentiality, integrity and availability of assets
- Monitors and ensures systems revisions and patches are up to date.
- Manages and performs changes to the solutions and remove unnecessary services.
- Understands risks and impact to systems in the corporate environment and their interconnectivity
- Builds cross function team unity by supporting other Magellan team members to understand security risks and impact to all corporate solutions
- Performs forensic analysis and risk assessments for the entire environment.
- Designs and manages enterprise high-availability solutions running a complex arrangement of operating systems, including system updates, log analysis, access controls and backup.
- Performs changes to the solution configurations to add new services, adapt existing services, and removes unnecessary services.
- Monitors, remediates and mitigates security violations for network, devices, servers and other assets
- Designs, implements and maintains security guidelines and a security infrastructure for Magellan Health.
- Develops technical solutions to autonomously verify compliance with required technical controls.
Other Job Requirements
Responsibilities
12+ years of IT experience required.
Minimum of 10 years of experience in Information Security.
May substitute 2 or more relevant certifications for a year of experience.
Demonstrated knowledge and experience in each of the following information security principles: risk assessment and management, threat and vulnerability management, incident response, and identity & access management.
Understand network protocols and packet analysis tools such as TCPDUMP and Wireshark.
Knowledge of and experience with security-related systems and applications, firewalls, load balancers, intrusion detection/prevention, and web content filtering.
Familiarity with information security publications (e.g., NIST 800-53), incident response, problem resolution, vulnerability remediation, computer forensic techniques and eDiscovery, reviewing automated security test results, and network and host-based firewalls.
Ability to work with multi-discipline teams and cross-functional management.
Excellent verbal and written communication skills with the ability to collaborate effectively with other groups.
Able to effectively manage evolving and competing objectives.
Possesses a mastery of the use of information security tools and techniques.
Has strong leadership, communication, and negotiation skills.
Results driven with a bias for action.
General Job Information
Title
Sr Principal Business Information Security Officer
Grade
32
Work Experience - Required
Information Security, IT
Work Experience - Preferred
Education - Required
Education - Preferred
Bachelor's - Information Security
License and Certifications - Required
License and Certifications - Preferred
CEH-Certified Ethical Hacker - EnterpriseEnterprise, CISSP - Certified Information Systems Security Professional - EnterpriseEnterprise, GISP-GIAC Information Security Professional - EnterpriseEnterprise, GSEC-SANS GIAC Security Essentials - EnterpriseEnterprise, Network+ - EnterpriseEnterprise, Security+ - EnterpriseEnterprise
Salary Range
Salary Minimum:
$127,295
Salary Maximum:
$229,105
This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Actual pay will be adjusted based on an individual's skills, experience, education, and other job-related factors permitted by law.
This position may be eligible for short-term incentives as well as a comprehensive benefits package. Magellan offers a broad range of health, life, voluntary and other benefits and perks that enhance your physical, mental, emotional and financial wellbeing.
Magellan Health, Inc. is proud to be an Equal Opportunity Employer and a Tobacco-free workplace. EOE/M/F/Vet/Disabled.
Every employee must understand, comply with and attest to the security responsibilities and security controls unique to their position; and comply with all applicable legal, regulatory, and contractual requirements and internal policies and procedures.
