

Horizon Blue Cross Blue Shield of New Jersey empowers our members to achieve their best health. For over 90 years, we have been New Jersey’s health solutions leader driving innovations that improve health care quality, affordability, and member experience. Our members are our neighbors, our friends, and our families. It is this understanding that drives us to better serve and care for the 3.5 million people who place their trust in us. We pride ourselves on our best-in-class employees and strive to maintain an innovative and inclusive environment that allows them to thrive. When our employees bring their best and succeed, the Company succeeds.
About the Role
This position is responsible for overseeing both the development and management of the Information Security Risk program and framework, as well as the technical implementation and ongoing support of the eGRC program. The role serves as a key representative on governance bodies, including the Third Party Oversight and Governance Council and the Broker Oversight and Governance Council.
What You'll Do
Define, lead, and manage all aspects of the Third Party Risk Management (TPRM) Program.
Identify, document, and communicate security risks and control deficiencies to business and IT stakeholders, driving awareness of emerging and relevant risks across Horizon BCBSNJ’s third-party landscape.
Establish and maintain third-party privacy and security policies and standards, and oversee program effectiveness through measurement, governance, and continuous improvement.
Serve as the primary information security risk interface to leadership teams, providing strategic guidance and insight on third-party and enterprise risk exposures.
Direct and manage the Information Security Risk Management (ISRM) program, including team leadership, budget planning, resource allocation, and development of enterprise risk metrics and reporting.
Ensure IT project risk assessments, application security reviews, and vendor risk assessments are integrated into the eGRC platform to support compliance with corporate information security policies and standards.
Act as a trusted advisor to business stakeholders by maintaining ongoing awareness and alignment on identified and emerging risks.
Partner with Internal Audit, Corporate Compliance, Office of General Counsel, and Risk Management to remediate identified issues, and track security-related findings within the eGRC system.
Provide subject matter expertise and security risk consulting for third-party contracts (MSAs, BAAs, SOWs) and hosted services (SaaS, PaaS, IaaS) across all Strategic Sourcing engagements.
Serve as the liaison to Enterprise Risk Management (ERM) for technology and cybersecurity risks, including collaboration on annual risk quantification for Horizon BCBSNJ’s Own Risk and Solvency Assessment (ORSA).
Collaborate with the Director of Information Security and key stakeholders to enhance eGRC program procedures, controls, and the overall ISRM framework.
Lead and manage security initiatives that address identified risks and business requirements, ensuring compliance with regulatory, legal, and industry best practices.
What You Bring
Education/Experience:
Minimum high school diploma or GED
Industry certifications required (e.g., CISSP, CISA, CRISC, or equivalent).
Experience establishing & maintaining relationships with individuals at all levels within the organization as well as third parties.
10 years of continuous experience in Information Security in any two of the following areas:
- Third Party Risk Management
- Information Security Risk Management
- Project and Technology Risk Assessments
- Enterprise and Application HIPAA Risk Assessments
- Information Security Risk Management Metrics Management
Knowledge:
Highly effective communicator capable of relating technical and nontechnical information to senior audiences with impact.
Requires knowledge of regulatory and contractual compliance, including HIPAA requirements, for information systems.
Knowledge of and working experience with eGRC tools and technologies.
Experience with strategic work planning and a demonstrated ability to manage toward budget and work plan goals.
Proven skills leading high talent teams and demonstrated ability to prioritize workload and meet project deadlines.
Strong technical background, as well as the ability to work with the IT organization and business management to align priorities and plans with key business objectives.
Skills and Abilities:
Requires exceptional analytical thinking skills.
Requires excellent verbal and written communication skills.
Requires excellent interpersonal skills and the ability to work effectively with others as a team.
Requires excellent PC skills and demonstrated proficiency with MS Office Suite.
Requires the ability to handle multiple tasks and prioritize effectively.
Why Horizon?
At Horizon, you’ll do meaningful work that directly improves lives—while being supported by a mission‑driven organization that values expertise, collaboration, and growth. We believe that when our people thrive, our communities do too. If you are passionate about making an impact, we’d love to hear from you!
Salary Range:
$123,000 - $167,895
This compensation range is specific to the job level and takes into account the wide range of factors that are considered in making compensation decisions, including but not limited to: education, experience, licensure, certifications, geographic location, and internal equity. This range has been created in good faith based on information known to Horizon at the time of posting. Compensation decisions are dependent on the circumstances of each case. Horizon also provides a comprehensive compensation and benefits package which includes:
Comprehensive health benefits (Medical/Dental/Vision)
Retirement Plans
Generous PTO
Incentive Plans
Wellness Programs
Paid Volunteer Time Off
Tuition Reimbursement
Disclaimer:
Horizon BCBSNJ employees must live in New Jersey, New York, Pennsylvania, Connecticut or Delaware. This job summary has been designed to indicate the general nature and level of work performed by colleagues within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of colleagues assigned to this job.
Horizon Blue Cross Blue Shield of New Jersey is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, protected veteran status or status as an individual with a disability and any other protected class as required by federal, state or local law. Horizon will consider reasonable accommodation requests as part of the recruiting and hiring process.