The Senior CyberSecurity Policy and Standards Engineer
evaluates, tests, recommends, develops, coordinates, monitors and
maintains information systems (IT) and cyber security policies,
procedures and systems, including access management for hardware,
firmware and software. The Senior CyberSecurity Policy and
Standards Engineer work assignments involve moderately complex to
complex issues where the analysis of situations or data requires an
in-depth evaluation of variable factors.
As the Senior Cybersecurity Risk & Compliance Professional at
Author by Humana , you will be responsible for designing,
communicating, implementing, and managing cross-functional
Governance, Risk and Compliance (GRC) processes within Author. You
will work with key leaders in Author's Operations, Health,
Technology, Product & Experience, and Marketing teams as they
deliver new capabilities that support evolving consumer needs. The
ideal candidate has experience with GRC tools, securing cloud
environments, and agile program delivery at the intersection of
healthcare and technology. If you thrive in a fast-paced
environment and get excited about shaping cybersecurity for a
high-performing organization as it scales, we can't wait to meet
About Author by Humana
At Author by Humana, we don't wait for chances to make a
difference, we create them. We launched a healthcare start-up with
the backing of a Fortune 52 company to create a new healthcare
experience that centers around customers, simplifies and
personalizes care, and focuses on whole-person health.
We start by listening to really understand what matters most to
seniors in their dynamic lives, evolving with them as their lives
change. This new business concept, called 'Author,' exists to
unlock seniors' potential to live healthy, vibrant lives on their
Author is an initiative designed to improve the experiences and
outcomes of Humana members. To achieve this, we have built a team
of diverse leaders from across industry giants in tech, marketing,
product, medicine, and healthcare as well as successful
entrepreneurs who have founded and sold breakthrough companies.
Together, we are excited to knock down barriers to health and be a
catalyst so that people can live their best lives.
Consumers have come to expect personalized, seamless, and secure
experiences in nearly all aspects of their daily life - how they
stay connected, shop, book travel and manage their finances.
Technology innovation has enabled these experiences. Consumers
should expect, and will demand, the same personalized and secure
experience for managing their health.
To meet new competitive challenges, better respond to consumer
needs, reduce systemic friction points and to inspire a brighter
future for healthcare in America, Humana has created a new business
focused on the whole health needs of seniors. Associates in this
new business segment (Author by Humana) are creating a
customer-back experience designed to foster a trusting relationship
with seniors to help them achieve their best health. Keeping
information safe is key to maintaining that trust.
Author operates independently with a 'startup-like' mentality,
and the enthusiastic support and backing of Humana and its board,
with the goal of changing the healthcare industry from managing
transactions to supporting a member's whole health.
We are seeking individuals who are passionate about solving big
problems in healthcare for seniors and keeping their information
safe as we do it. As a member of the Author team, you will have the
opportunity to bring your 'A game' to work every day to improve the
lives and health of the seniors we serve.
As the Senior Cybersecurity Risk & Compliance Professional, you
Maximize use of the ServiceNow IRM suite to facilitate effective
Minimize friction of cybersecurity GRC as we enable a safe journey
for Author and the members who trust us.
Ensure that technology and cybersecurity architecture, designs,
plans, controls, processes, standards, policies and procedures are
aligned with standards and overall Author technology and
Collaborate with various teams to achieve cybersecurity compliance
goals in an agile cloud environment.
Consult with leaders as they manage cybersecurity risk to
acceptable levels in their business processes.
Identify security risks and exposures, determine the causes of
security risks and recommend procedures to prevent future
challenges and improve security.
Develop techniques and procedures for conducting technology and
cybersecurity risk and compliance assessments .
Evaluate and test hardware, software, and business processes for
possible impact on risk posture, and investigate and resolve
Develop and implement cybersecurity policies and take measures
against intrusion, fraud, attacks or data loss.
Begin to influence strategy , including making decisions on complex
issues regarding the secure approach to projects.
Promote awareness of cybersecurity risks to your Author
Work without direction and exercise considerable latitude in
determining objectives and approaches to assignments.
The successful candidate will:
Be self-directed, highly engaged, able to navigate through
Have demonstrated expertise in cybersecurity strategy development
and execution in a fast-paced, cloud-first, internet-only business
Leverage high EQ to build and maintain solid relationships with key
business leaders and stakeholders.
Bring a broad set of experiences with cybersecurity, as you will be
consulted for guidance on topics that are technical, non-technical,
and everything in between.
During your first 100 days, you can expect to :
Learn about Author, a fresh, cloud-first organization whose
mission is to knock down barriers to health and be a catalyst so
that people can live their lives on their terms.
Meet your Author cybersecurity team, who seeks to provide modern
protection capabilities to enable and empower agile, innovative and
member-friendly business outcomes.
Familiarize with the GRC landscape at Author and Humana.
Gain a deep understanding of the technologies in place that support
cybersecurity, particularly the GRC technology, where you will
become the subject matter expert and risk administrator.
Make connections with key leaders and stakeholders in the business,
especially the ones who act as control owners - key players in
managing cyber risk.
Help control owners assess risk, develop controls and safeguards,
and optimize processes.
Get to know Author's cybersecurity policies so you can apply them,
interpret them for others, improve them, and create new policies
Understand Author's cybersecurity compliance efforts and
requirements and facilitate compliance assessments.
This role may be a fit if you have:
Bachelor's Degree 5 or more years of information security
experience Experience with GRC processes in a highly regulated
industry Experience working with ServiceNow IRM or other GRC
platforms Experience integrating security policies, identity
management and controls Experience integrating cybersecurity
technologies with existing technologies Skill for identifying
security risks and exposures, determining the causes of security
violations and suggesting solutions to halt future events Strong
ability to assess urgency and prioritization and make good
decisions based upon situational circumstances Excellent
communication skills with the ability to influence others
Analytical and problem-solving skills Passion about contributing to
an organization focused on continuously improving consumer
It will also be helpful to have :
Master's Degree in Information Security, Computer Science,
Information Technology or a related field Certifications: CISSP,
HCISPP, CCSP, CISA, CISM Experience with cybersecurity risk and
compliance management in cloud environments
How We Work:
We knock down barriers to health and are a catalyst so that
people can live their best lives on their terms.
Build Trust: Our team is authentic, we are honest and
transparent, and we make promises and then deliver on them. You can
rely on us, always.
Embrace Positivity: We believe in the power of positive messages,
positive emotions and positive relationships to motivate our
teammates and our members to live their best lives.
Be Curious and Humble: We don't know everything. To deliver on
our mission, we need to be intensely curious and open to
challenging own assumptions about the world, the industry, the
solution, and our own members' experiences.
Solve Problems with Creativity: We are especially skilled in
navigating complexity, solving tough problems and making concepts
real as we forge a new path in healthcare.
Elevate Others: We value the impact and contributions of our
teammates and members. We are supportive leaders, collaborating and
building relationships to enable others to reach their highest
Value Diverse Perspectives: We value each individual for who they
are and their unique skills. In building diverse teams and learning
from the perspectives of others, we create more inclusive
Due to COVID-19, most of our associates are working from home.
We have implemented a virtual hiring process and continue to
interview candidates by phone and video and are onboarding new
hires remotely. We value the safety of each member of our team
because we know we are all in this together.
Location: Louisville, KY or Remote
Scheduled Weekly Hours