CareFirst Careers

Information Security Manager

Resp & Qualifications

PURPOSE: This position is responsible for ensuring that the integrity of the Corporation’s computer systems and networks is not compromised.

This position is responsible for managing the enterprise security engineering organization. Responsibilities include:

  • Proactively identifying possible audit issues. Assuring the timely and effective resolution of audit issues;
  • Enforcing and auditing enterprise security strategies;
  • Providing implementation oversight for technical controls, including enterprise controls related to audit findings;
  • Effectively collaborating with internal and external clients to understand user security requirements, identifying security procedures/strategies and their impacts, and developing security strategies while maintaining security disciplines;
  • Monitoring advancements in information security technologies and recommending practical, reasonable security solutions for implementation;
  • Working with Security Architecture and Security Operations to identify gaps and focus areas;
  • Accountability and oversight for security solution evaluation, selection, design, and implementation, and ensuring alignment with CareFirst security strategy and business goals;
  • Accountability for ensuring that all solutions are implemented in a manner that meets CareFirst security and compliance requirements;
  • Delivery of complete security solutions to Security Operations teams for ongoing support;
  • Overseeing and managing associated budget;
  • Coordinating with IT and business areas to provide guidance and advocacy for prioritization of investment and implementation associated with CF security strategy;
  • Overseeing the Enterprise Vulnerability Management Program for COTS and internally developed applications;
  • Initiating, facilitating and promoting activities to foster Information Security awareness throughout the enterprise;
  • Identifying security exposures and risks and providing leadership for designing and implementing effective solutions. Providing direction on risk acceptance for exposures and risks; and,
  • Providing status reports and metrics on security matters to key IT security stakeholders.


Under the supervision of the Director, Enterprise Services, the incumbent’s accountabilities include, but are not limited to the following:

  • Plans, develops, implements and controls the Corporate Information Security Strategy to reduce risk and provide an appropriate level of information security to address business needs using the most cost-effective and reliable methods possible.
  • Identifies and provides guidance on regulatory, legal and audit security-related issues.
  • Mentors and develops staff to understand CareFirst business, security processes, system architecture and security risks. Provides appropriate levels of guidance, encouragement, education, or discipline to ensure the highest quality delivery of services by responsible staff. Provides staff leadership by example.  Maintains current job descriptions, performance plans and associate evaluations.
  • Maintains the overall Information security budget. Provides status reports and metrics supporting Information Security initiatives.
  • Performs resource planning to ensure necessary time, people, and money are accounted for to meet the needs of internal group projects, corporate initiatives, and day-to-day support.
  • Maintains both managerial and technical skill sets through training, industry conferences, etc.

This position is subject to a Level 6C security requirement.

SUPERVISORY RESPONSIBILITY: This position is responsible for up to 25 associates in the Security Administration, Security Infrastructure Support, Security Architecture & Analysis and Security Monitoring & Reporting groups within Information Security.


Required: This position requires a Bachelor of Science degree in Computer Science, Information Systems Management or similar degree with 8 or more years’ experience in an IT Security-related field or commensurate work experience, including progressive leadership experience. Healthcare or related industry experience is a plus, as is experience with AWS and Azure. Experience deploying security solutions to Cloud environments is a plus.

The position requires:

  • Extensive knowledge of networking, databases and systems operations;
  • Strong related experience in developing security procedures;
  • Selecting/implementing automated management/administration tools;
  • Strong planning and organizing skills and the ability to delegate and manage the work of internal and external personnel;
  • Strong problem analysis skills, decisiveness and flexibility; and,
  • Excellent oral and written communications skills.




Department: InfoSec Security Operations

Equal Employment Opportunity

CareFirst BlueCross BlueShield is an Equal Opportunity (EEO) employer.  It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.

Hire Range Disclaimer

Actual salary will be based on relevant job experience and work history.

Closing Date

Please apply before: 07/08/2019

Federal Disc/Physical Demand

Note:  The incumbent is required to immediately disclose any debarment, exclusion, or other event that makes him/her ineligible to perform work directly or indirectly on Federal health care programs.


The associate is primarily seated while performing the duties of the position.  Occasional walking or standing is required.  The hands are regularly used to write, type, key and handle or feel small controls and objects.  The associate must frequently talk and hear.  Weights up to 25 pounds are occasionally lifted.

Sponsorship in US

Must be eligible to work in the U.S. without Sponsorship
