The Sr. Director of Data Governance incrementally builds out a data governance program and manages its operational components, influencing maturity of practices and solutions. The candidate will provide leadership, guidance, direction, and oversight for solutions to secure data including Data Classification, Data Retention, and Data Loss Prevention (DLP) for structured and unstructured data. This includes environments for cloud (AWS, Azure), Unix, Windows, Linux and databases.
The candidate must have a technical background and be able to influence and lead in a highly matrixed environment, bringing people across Magellan together around the shared mission. A successful candidate will have both an end state vision and maturity to help the organization progress towards that vision incrementally and purposefully.
Responsibilities
Leads, mentors, and guides the organization's data governance program buildout and its individual components.
Ensures the integrity and usefulness of data assets by supporting their consistent definition, documentation, and appropriate use.
Directs the development, implementation, administration, and evaluation of data governance initiatives.
Partners with members of Information Security, Information Technology, Privacy, Compliance, and Legal.
Monitors trends and developments in the field of data governance and recommends strategic directions and priorities to leadership.
Directs solutions such as O365 and Varonis to manage risks associated with data.
Serves as the subject matter expert regarding the interpretation, implementation and compliance with data governance policies and regulations. Formulates and proposes policies, documentation, instructions, usage agreements and other guidance documents.
Establishes, designs, builds, nurtures, and maintains the data governance program with culturally appropriate formal structures and processes.
Provides training and support to Data Trustees, Data Stewards, Data Custodians, and Users.
Develops reporting and control processes, and establishes meaningful metrics to demonstrate progress, manage risk, and provide ease of visibility.
Competencies
Ability to apply data classification schemas to structured and unstructured datasets as necessary to fulfill contractual or regulatory requirements, including for example HHS/HIPAA, PCI, GDPR and CCPA.
Ability to navigate through ambiguity and lack of structure and process to develop a strategy and recommend solutions to meet strategic goals while addressing immediate term issues.
Demonstrate knowledge of data governance concepts, techniques, processes, and applications.
Extensive knowledge of security administration and computer security tools; successful experience in retrieving, analyzing, and reporting.
Demonstrated ability to work effectively with technical and non-technical managerial, professional, and executive staff.
Understands data privacy principles and coordinates with Compliance, Legal, and
Affinity for learning and staying on top of trends and evolution of data governance practices, risks, and methodologies.
Affinity and appreciation for the plan-do-check-act model for change.
Skills
Strong project planning and leadership skills.
8+ years of experience in Information Security or related area, with at least 4 years of experience in building out data governance programs iteratively, focusing on the people aspect of maturity and culture change.
This is a fully remote position, allowing you to work from the comfort of your own home from anywhere in the US.
This position manages a functional area within the office of the CISO and will take a practical and risk-based approach to manage, maintain, and deploy security solutions throughout the enterprise network. They will contribute to the design, development and maintenance of the network security environment and architecture regarding data and voice communications to ensure efficient information flow in a secure systems environment.
Accountable for the oversight and management of all elements of a functional area within the office of the CISO, including supervision and mentorship of subordinates.
Partner with Information Technology leaders to facilitate compliance of security controls with Magellan information systems regarding HIPAA, PCI, and other applicable regulatory and contractual requirements, ensuring effective security operations of Magellan systems, networks, business partner agreements, and interconnections.
Partner with business and IT leaders in security methodology, ensuring new and existing business relationships adequately address information security risk through vendor management and assessment processes and procedures. Provide leadership for the enterprise high-availability firewalls running a *nix-based operating system, including system updates, log analysis, access controls and backup. Perform changes to the firewall policy to add new network services, adapt existing services, and remove unnecessary services.
Support the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards.
Support the coordination and tracking of all information technology and security related audits including scope of audits, business units involved, timelines, and outcomes.
Provide guidance, evaluation and advocacy on audit responses.
Support the office of the CISO in establishing annual and long-term Information Security goals, defining security strategies, metrics, reporting mechanisms, and maintaining the Information Security maturity model.
Support in the design, development, and deployment of proactive security initiatives around information security awareness and branding that contribute to an improved security posture for the organization (e.g. protecting against identity theft, mobile social media security, phishing, online reputation program).
Oversee incident response activities, ensuring security incidents are properly identified, contained, eradicated, and recovered from.
Provide leadership for the management and maintenance of endpoint security solution(s) in use for Magellan Health information technology assets, including but not limited to application whitelisting, host-based intrusion prevention, system integrity monitoring, and anti-virus protection.
Review projects and provide security standards to the technology, prescribing appropriate protection configurations that will balance business requirements with enterprise technology standards to arrive at the optimal solution.
Develop and continuously refine overall security architecture, including critical areas such as security and audit related matters in addition to setting technology strategy.
Participate in the strategic sourcing process for acquiring infrastructure security assets and infrastructure services, including selection, negotiations and contract finalization.
Develop and ensure successful implementation of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification and destruction.
Lead forensic analysis and risk assessments for the entire infrastructure.
Monitor compliance with information security policies and procedures.
Monitor network, devices and servers for security violations.
Design, implement and maintain network security guidelines and a security infrastructure for Magellan Health.
Ensure adequate security solutions are in place to mitigate identified risks sufficiently to meet business objectives and regulatory requirements.
Research emerging technologies in support of IT security enhancement and development efforts.
Assist in formalizing and updating security policies, procedures and technical standards.
Develop technical solutions to autonomously verify compliance with required technical controls.
Persistently evaluate adherence with defined standards.
Drive remediation and/or mitigation efforts for all vulnerabilities in the environment, ensuring appropriate response to high risk and aged findings.
Other Job Requirements
Responsibilities
10+ years of IT experience with 8+ in Information Security.
May substitute 2 or more relevant certifications for a year of experience.
Proven in-depth knowledge of network protocols and packet analysis tools such as TCPDUMP and Wireshark.
Detailed knowledge of network and host-based firewalls and intrusion prevention systems. Detailed knowledge of proxy servers, SSL inspection techniques, load balancers, reverse proxy servers, and web application firewalls.
Proven ability to develop custom threat signatures in response to zero-day and emerging security threats. Strong consensus builder who builds credibility through targeted, accurate, and effective communication. Demonstrated operational and technical skills relating to information security.
Detailed knowledge of security-related systems and applications, firewalls, packet analysis tools, intrusion detection/prevention, and web content filtering.
Detailed digital forensics and eDiscovery skills and experience. Detailed knowledge of network infrastructure, including routers, switches, firewalls. Knowledge of information security publications (e.g., NIST 800-53, 53A, 37). Detailed knowledge of incident response, problem resolution, and vulnerability remediation. Detailed knowledge of automated security testing.
Demonstrated ability to lead/manage direct reports and develop staff.
Ability to communicate and engage effectively with a diverse audience, including front line technical staff, non-technical staff, management, executives, and vendors/providers.
Demonstrated in-depth knowledge of PCI, HITRUST, and/or other industry standards.
Self-starter with the ability to lead tasks with demonstrated ability to work independently.
Strong verbal and written communication skills with the ability to collaborate effectively with other groups.
General Job Information
Title
Sr. Director, Data Governance - Remote
Grade
32
Work Experience - Required
Information Security, IT
Work Experience - Preferred
Education - Required
A Combination of Education and Work Experience May Be Considered, Bachelors - Information Security
Education - Preferred
Masters
License and Certifications - Required
CISSP - Certified Information Systems Security Professional - Enterprise
License and Certifications - Preferred
Magellan Health, Inc. is proud to be an Equal Opportunity Employer and a Tobacco-free workplace. EOE/M/F/Vet/Disabled. Every employee must understand, comply with and attest to the security responsibilities and security controls unique to their position; and comply with all applicable legal, regulatory, and contractual requirements and internal policies and procedures.