Sr. Mgr. Cybersecurity Risk

Horizon Blue Cross Blue Shield of New Jersey
Newark, NJ
$123,000 - $167,895
Remote

About The Position

This position is responsible for overseeing both the development and management of the Information Security Risk program and framework, as well as the technical implementation and ongoing support of the eGRC program. The role serves as a key representative on governance bodies, including the Third Party Oversight and Governance Council and the Broker Oversight and Governance Council. The incumbent is accountable for the overall health of Horizon BCBSNJ’s information protection environment, encompassing customers/members, subsidiaries, and suppliers. In partnership with the CSO, CISO, CCO, and other senior leaders, this role regularly engages with executive stakeholders across the organization’s supply chain to articulate risks and drive effective mitigation strategies. This position coordinates cross-functional efforts to maximize the value of the Enterprise and Operational Risk Management framework, including the design, delivery, and execution of a consistent risk reporting model. The role collaborates closely with Information Security, Legal, Audit, Enterprise Risk Management, Vendor Management, and other key departments to optimize the use of the eGRC platform and to implement information security and risk management frameworks, policies, standards, and best practices. Additionally, this role manages a team of professionals and serves as the primary point of contact for internal stakeholders on matters related to Information Security Risk and eGRC. It is also responsible for overseeing and reporting on regulatory and contractual compliance requirements.

Requirements

  • Minimum high school diploma or GED
  • Industry certifications required (e.g., CISSP, CISA, CRISC, or equivalent).
  • Experience establishing & maintaining relationships with individuals at all levels within the organization as well as third parties.
  • 10 years of continuous experience in Information Security in any two of the following areas:
      - Third Party Risk Management
      - Information Security Risk Management
      - Project and Technology Risk Assessments
      - Enterprise and Application HIPAA Risk Assessments
      - Information Security Risk Management Metrics Management
  • Highly effective communicator capable of relating technical and nontechnical information to senior audiences with impact.
  • Requires knowledge of regulatory and contractual compliance, including HIPAA requirements, for information systems.
  • Knowledge of and working experience with eGRC tools and technologies.
  • Experience with strategic work planning and a demonstrated ability to manage toward budget and work plan goals.
  • Proven skills leading high talent teams and demonstrated ability to prioritize workload and meet project deadlines.
  • Strong technical background, as well as the ability to work with the IT organization and business management to align priorities and plans with key business objectives.
  • Requires exceptional analytical thinking skills.
  • Requires excellent verbal and written communication skills.
  • Requires excellent interpersonal skills and the ability to work effectively with others as a team.
  • Requires excellent PC skills and demonstrated proficiency with MS Office Suite.
  • Requires the ability to handle multiple tasks and prioritize effectively.

Responsibilities

  • Define, lead, and manage all aspects of the Third Party Risk Management (TPRM) Program.
  • Identify, document, and communicate security risks and control deficiencies to business and IT stakeholders, driving awareness of emerging and relevant risks across Horizon BCBSNJ’s third-party landscape.
  • Establish and maintain third-party privacy and security policies and standards, and oversee program effectiveness through measurement, governance, and continuous improvement.
  • Serve as the primary information security risk interface to leadership teams, providing strategic guidance and insight on third-party and enterprise risk exposures.
  • Direct and manage the Information Security Risk Management (ISRM) program, including team leadership, budget planning, resource allocation, and development of enterprise risk metrics and reporting.
  • Ensure IT project risk assessments, application security reviews, and vendor risk assessments are integrated into the eGRC platform to support compliance with corporate information security policies and standards.
  • Act as a trusted advisor to business stakeholders by maintaining ongoing awareness and alignment on identified and emerging risks.
  • Partner with Internal Audit, Corporate Compliance, Office of General Counsel, and Risk Management to remediate identified issues, and track security-related findings within the eGRC system.
  • Provide subject matter expertise and security risk consulting for third-party contracts (MSAs, BAAs, SOWs) and hosted services (SaaS, PaaS, IaaS) across all Strategic Sourcing engagements.
  • Serve as the liaison to Enterprise Risk Management (ERM) for technology and cybersecurity risks, including collaboration on annual risk quantification for Horizon BCBSNJ’s Own Risk and Solvency Assessment (ORSA).
  • Collaborate with the Director of Information Security and key stakeholders to enhance eGRC program procedures, controls, and the overall ISRM framework.
  • Lead and manage security initiatives that address identified risks and business requirements, ensuring compliance with regulatory, legal, and industry best practices.

Benefits

  • Comprehensive health benefits (Medical/Dental/Vision)
  • Retirement Plans
  • Generous PTO
  • Incentive Plans
  • Wellness Programs
  • Paid Volunteer Time Off
  • Tuition Reimbursement