Description:
The Principal Cybersecurity Strategist serves as the enterprise thought leader and primary architect of the EIP Cybersecurity Strategy. This role is accountable for shaping, evolving, and governing a multi‑year cybersecurity strategy that enables business priorities, strengthens enterprise resilience, and advances security maturity across Humana.
Operating as a senior advisor to executive leadership, this role translates business objectives, risk posture, regulatory expectations, and emerging technology trends into a coherent, prioritized, and achievable cybersecurity roadmap. The Principal Cybersecurity Strategist partners closely with EIP leaders, technology teams, and business stakeholders to drive execution, investment decisions, and measurable outcomes.
Key Responsibilities
- Strategic Leadership: Define, develop, and continually advance EIP's long-term cybersecurity strategy, ensuring alignment with corporate goals and evolving risk landscapes. Set direction for capability development, maturity roadmaps, and investment priorities over a three-year horizon.
- Board Engagement: Develop and present executive and board-level materials, articulating cybersecurity vision, strategic priorities, maturity metrics, and progress against objectives. Serve as a strategic advisor to senior leadership and board stakeholders.
- Healthcare & Financial Services Expertise: Leverage deep experience in healthcare and/or financial services to inform strategy and ensure compliance with sector-specific regulatory frameworks (e.g., HIPAA, PCI DSS, SOX).
- AI Security & Implementation: Lead the strategic integration of AI into cybersecurity operations, ensuring secure adoption, risk mitigation, and compliance. Advise on AI security trends, regulatory implications, and best practices for responsible implementation.
- Program Maturity & Capability Growth: Architect and execute initiatives to advance cybersecurity program maturity, talent development, and operational excellence. Establish frameworks for continuous assessment, capability benchmarking, and value creation.
- Investment Prioritization: Direct the allocation of resources and investment in cybersecurity capabilities, controls, and technologies based on risk, business value, and strategic impact.
- Organizational Change Management: Drive a security-centric culture through enterprise change management strategies, maximizing adoption of strategic priorities and minimizing resistance across a matrixed organization.
- Consultative Leadership: Provide consultative expertise to EIP department leaders, project teams, and cross-functional partners to ensure strategic alignment and integration of cybersecurity priorities at every stage of project and program lifecycles.
Core Competencies
- Strategic Vision & Influence
- Information Security Management
- Organizational Change Leadership
- Business Intelligence & Data Analysis
- Security Risk Management
- Executive Communication
- Problem Solving
- Leadership in Complex, Matrixed Environments
Required Qualifications
- Bachelor's degree or higher in cybersecurity, information technology, business, economics, organizational management, or related field.
- Significant cybersecurity strategy experience, including enterprise‑level planning and transformation.
- Demonstrated success in developing and presenting cybersecurity strategies at the board/executive level.
- Significant experience advancing cybersecurity maturity and capabilities in healthcare and/or financial services environments.
- Proven expertise in AI security and the secure implementation of AI in cybersecurity practice.
- In-depth knowledge of regulatory and compliance frameworks relevant to healthcare and financial services.
- Consulting skills.
- Experience leading large-scale organizational change and adoption of new technologies, processes, and systems.
Preferred Qualifications
- MBA or Master's degree in Computer Science, Information Technology, or a related discipline.
- Professional cybersecurity certifications (e.g., CISSP, CISM, CISA).
- Experience with project security phases, cloud security policies, and identity and access management.
- Familiarity with security review processes and strategic consulting frameworks.
Remote/WAH Requirements
- WAH requirements: Must have the ability to provide a high-speed DSL or cable modem for a home office. Associates or contractors who live and work from home in the state of California will be provided payment for their internet expense.
- A minimum standard speed for optimal performance of 25x10 (25 Mbps download x 10 Mbps upload) is required.
- Satellite and Wireless Internet service is NOT allowed for this role.
- A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information.