Director, Privacy & Security Enterprise Engagement

About The Position

Requirements

• Bachelor's degree in Information Security, Information Technology, Computer Science or other related field.
• CISSP (Certified Information Systems Professional), CISM, CRISC (Certified Risk and Information Systems Control), CGEIT or related advanced Risk or Security certification.
• 8 years of experience with security capabilities, technologies, and architecture.
• 5 years of experience in leading Business Information Security Officer (BISO), Technology Information Security Officer (TISO), or Technical Enterprise Engagement teams and engaging with executive leaders.
• 3 years of experience with government sponsored health plan operations and associated regulatory and contractual requirements or similarly regulated industry.
• 3 + years of supervisory/management experience.
• Ability to navigate and communicate regulatory, legislative, and contractual privacy and security requirements within the context of business operations and supporting technology environments.
• Ability to engage in a dialogue with business and technology stakeholders to achieve agreement on how to meet privacy and security requirements.
• Ability to lead and develop business and technology facing engagement teams within the context of regulatory, legislative, and contractual privacy and security requirements.

Nice To Haves

• Master's degree preferred.

Responsibilities

• Lead, coach, and scale the Shared Service EEO team to deliver consistent, high-quality engagement across all assigned state Medicaid Health Plans and the Medicare and Marketplace lines of business.
• Align staffing and resources to shared service and line of business complexity, volume, and key cycles.
• Ensure the team’s alignment with and achievement of defined goals.
• Responsible for onboarding, training, allocating and prioritizing tasks, setting goals, and managing performance and career development for team members.
• Serve as the primary EPSRM engagement leader for Health Plan lines of business; support stakeholders as needed to track obligations, risks, and decisions.
• Direct and oversee the team’s ongoing efforts to serve as a subject-matter-expert for privacy, security and AI requirements and ensure regulatory, legislative, and contractual privacy, security & AI requirements are understood and operationalized.
• Provide Executive-ready updates for Health Plan and EPSRM leadership.
• Build trusted relationships with internal and external stakeholders to resolve blockers and escalate issues effectively.
• Meet with regulators or other state representatives to answer questions and achieve clarity on the understanding of requirements.
• Meet with auditors to demonstrate Centene's privacy, security, AI and operational resilience compliance.
• Interpret and operationalize privacy, security, AI, and business continuity obligations from contracts, RFPs, and laws/regulations (e.g., HIPAA, CMS/MARS-E/ARC-AMPE, NCQA, state Medicaid/Exchange).
• Maintain a centralized requirements & deliverables register or pipeline mapping obligations to owners, timelines, and evidence for audits & assessments.
• Ensure adequacy of control validation evidence and support gap closure prior to delivery or readiness reviews.
• Monitor legal and regulatory changes and how they are/will impact contracts and effectively communicating impacts to stakeholders.
• Direct and oversee the team’s ongoing efforts to discover, assess impact of, and communicate new or changing regulatory, legislative, and contractual requirements related to privacy, security, AI and operational resilience.
• Direct and oversee the team's ongoing efforts to identify and bring awareness to privacy, security, AI and operational resilience risks and control gaps, and champion solutions for those within the context of Centene's business operations and technology environments in partnership with internal and external teams to EPSRM.
• Ensure System Security Plans (SSPs) or System Security & Privacy Plans (SSPPs) and other related deliverables are accurate & complete.
• Establish and mature processes for plan deliverables (i.e., SSPs/SSPPs, BCP plans, incident response attestations, vendor security attestations, etc.).
• Support the Market Team as they work with market entries, procurements, and renewals—including RFP responses and readiness reviews.
• Direct and oversee the team’s ongoing efforts to ensure privacy, security, AI and operational resilience objectives are treated as business and technology requirements.
• Facilitate regulator and client requests with timely, accurate responses aligned to relevant policy.
• Ensure Health Plans understand EPSRM expectations for activities related to incident response, breach reporting, vendor management, etc.
• Validate readiness through participation in tabletop exercises and evidence reviews.
• Drive enhancements to engagement processes, reporting, and compliance maturity.
• Support and contribute to EPSRM’s multi-year plan and portfolio reporting.
• Lead and manage Shared Services EEO team member performance, onboarding, and career development.
• Establish Shared Services engagement Objectives & Key Results (OKRs) and deliver reporting at defined intervals.
• Lead a team of and be a subject-matter expert for privacy, security, and AI requirements, including engagement with regulators and auditors.
• Coordinate cross-functional inputs for deliverables and ensure timely completion.
• Performs other duties as assigned.
• Complies with all policies and standards.

Benefits

• competitive pay
• health insurance
• 401K
• stock purchase plans
• tuition reimbursement
• paid time off
• holidays
• a flexible approach to work with remote, hybrid, field or office work schedules