SCOPE OF ROLE

The Director of Application Security Engineering is responsible for enabling the implementation and operationalization of numerous security controls and technologies. The Director will develop and drive alignment of the overall security operations, engineering and resilience vision and roadmap. They will enable consistent measurement and visibility of results, dependencies, and connection points across multiple stakeholders throughout the enterprise. They will ensure that risk-driven security roadmaps are effectively prioritized and sequenced to reduce the risk to Bright Health Group’s members, associates, and overall business strategy.

ROLE RESPONSIBILITIES

• Partners with functional and technical leaders to identify and plan capabilities necessary to drive alignment of overall Infrastructure Security and Application Security strategy and vision enterprise roadmap for the Company's enterprise priorities and common services 
• Lead and mentor security team in all aspects of technical security engineering
• Drives strategy for the prioritization, sequencing, and execution of roadmaps and ensure that capital is effectively deployed across the enterprise
• Enables consistent measurement and transparent visibility of results, dependencies, and connection points across multiple stakeholders at all levels in the organization
• Attracts, retains, develops, and motivates Security Engineering talent; Manages and coordinates strategic direction for staff; Provides leadership, mentoring, and coaching to direct reports; Conducts annual and mid-year reviews, reviewing individual development plans and providing performance feedback
• Manage security (both infrastructure and application) operations and engineering initiatives
• Mentor, train and develop security management personnel
• Oversee, track and report on department initiatives from planning to final project delivery
• Producing metrics reporting the state of infrastructure and application security programs and performance of teams against requirements

EDUCATION, TRAINING, EXPERIENCE

• Bachelors degree in technical (required), with Masters degree preferred.
• Ten (10)+ years of security management experience.
• Five (5)+ years prior experience as Director in technical field
• Five (5)+ years of deep technical understanding and hands-on experience in software engineering security and infrastructure security
• Experience in designing and leading DevSecOps and/or Application Security; background in Security Operations Center and Security Engineering leadership.
• Experience assessing cybersecurity maturity and building multi-year roadmaps to advance maturity; familiarity with the MITRE ATT&CK and NIST CSF frameworks.
• Experience managing cyber threat investigations and a keen understanding of the current cyber threat landscape.
• Understanding of how to integrate cybersecurity incident response with enterprise resilience functions; experience with cyber exercises.
• Strategically minded with the ability to present complex concepts to an executive audience while also leading a team of subject matter experts.
• Experience managing a large portfolio of projects.
• Familiarity with HIPAA, SOC2 and SOX compliance frameworks.
• Adept at building highest performing teams with a keen emphasis on diversity and inclusion, maintaining performance standards, motivating associates and developing their careers.
• Proficient in defining, communicating and driving value propositions, success metrics and outcomes.
• Proficient in shaping, aligning and guiding execution of strategic direction for domain or significant portfolio segment
• Proficient in communicating, building influence and developing relationships with functional and technical leaders, with high-level vendor partners and across all levels in the organization
• Proficient in utilizing deep market and industry knowledge to achieve strategic objectives
• ISACA, (ISC)2, Offensive Security or relevant industry certifications preferred