Job Description
Overview: The role will lead a team of IT security risk assessors and auditors, overseeing security risk assessment and advisory activities. The candidate will demonstrate an understanding of the security needs of Molina’s third-party service providers to ensure adequate security controls are deployed with integrity and resilience against emerging threats. The role will also provide routine oversight reviews to determine high-risk problematic areas in service delivery of third-party services and provide process expertise in critical controls by identifying impacts to members, programs and processes, workflows, systems, regulations, compliance, and performance standards. Additionally, the position will work collaboratively with oversight peers and leadership teams to establish root cause analysis and systemic or isolated corrective action plans and support remediation efforts, including required process changes, documentation, and education.
Other areas of responsibility:
- Participation in performance improvement initiatives
- Collaborate with policy owners for policy-driven issues
- Facilitate the implementation of routine monitoring tools/controls for ongoing automated visibility of adherence to CMS and State-specific requirements
- Communicate best practices, barriers, opportunities, and potential solutions to stakeholders and leadership
- Support functional areas on process development and improvements related to regulatory changes and any remediation activities for CAPs and risk mitigations.
- Support Manager in root cause analysis to identify the existence of systemic issues
- Partner with the Security Awareness and Training Team Leader on training content based on opportunities identified from oversight activities.
Duties And Responsibilities
- Lead, plan, and conduct periodic cyber and information security risk assessments and audits of third parties.
- Identify, assess, and document cyber and information security risks for Molina and its suppliers.
- Partner with internal and external auditors to facilitate compliance audits and mitigate findings.
- Manage documentation (e.g., requesting, reviewing, preparing) for regulatory and compliance audits & assessments.
- Ensure compliance with applicable regulations (e.g., HIPAA, NYS DFS) and industry standards (e.g., NIST).
- Develop and maintain security policies, plans, charters, standards, and procedures.
- Promote security awareness through communication, training, and documentation.
- Develop and maintain dashboards to manage and communicate risk to relevant stakeholders.
- Develop and monitor metrics and prepare management reporting.
- Identify risks and recommend process improvements in the third-party risk management and supply chain program.
- Build strong partnerships and collaborate with cross-functional teams.
- Ability to travel approximately 10%
Job Qualifications
Required Education
Bachelor's Degree or equivalent combination of education and experience
Required Experience
5+ years of relevant experience in governance, risk management, and compliance related to cyber and information security of third parties.
Preferred Education/Experience/Certifications
- Bachelor’s degree in Information Systems/Security, Computer Science, Cybersecurity, or related field.
- Professional certification(s): CISA and one or more of the following: CISM, CISSP, CGEIT, or CRISC.
- Excellent verbal, written, and interpersonal skills.
- Strong proficiency in regulations and industry frameworks (e.g., HIPAA, NIST, HITRUST)
- Adaptable to fast-changing environments and comfortable with ambiguity.
- Experience in Big Four, assurance, or information technology and consulting.
- Experience with GRC and security performance monitoring tools (e.g., ServiceNow, Prevalent, BitSight).
To all current Molina employees: If you are interested in applying for this position, please apply through the intranet job listing.
Molina Healthcare offers a competitive benefits and compensation package. Molina Healthcare is an Equal O
Pay Range: $87,568.7 - $189,732.18 / ANNUAL
- Actual compensation may vary from posting based on geographic location, work experience, education and/or skill level.