Executive Advisor -Business Information Security Officer

Executive Advisor – Business Information Security Officer

Location: In-office 1–2 days per week with hybrid flexibility. Alternate office locations considered for candidates within commuting distance.

• Lead Information Security and Risk Management for an assigned Business Unit, aligning with enterprise strategy and regulatory obligations.
• Serve as primary business-facing point of contact for security and technology risk matters; coordinate enterprise capabilities as needed.
• Act as key leadership contact during incident response; ensure effective business engagement and executive communication.
• Own development and execution of the Business Unit security roadmap, aligned with enterprise priorities and risk tolerance.
• Identify, prioritize, and recommend opportunities to reduce risk and improve security outcomes through assessments, continuous monitoring, and metrics-driven analysis.
• Participate in enterprise planning activities including vendor risk assessment, technology platform selection, security architecture alignment, and integration planning.
• Serve as Information Security and Technology Risk lead for M&A and divestitures, including due diligence and integration planning.
• Establish governance forums to assess, accept, mitigate, or elevate technology risk in alignment with enterprise risk management practices.
• Provide security leadership for healthcare regulatory and compliance requirements (HIPAA, HITRUST, state privacy laws), ensuring audit readiness.
• Define, track, and report meaningful security and risk metrics to business and executive stakeholders.
• Act as trusted advisor and subject matter expert to executive management, translating technical risk into clear business and financial impact.
• Influence business and technology leaders to adopt secure-by-design practices and risk-aware decision-making without direct operational authority.
• Mentor and develop security and risk management capabilities within the Business Unit and across enterprise teams.
• Must be capable of providing top-tier support for 6 or more of the information security technology common body of knowledge skill sets.

BS/BA in Information Technology or related field and minimum of 10 years experience in systems administration, security, access management, network security technologies, and business disciplines.

• Broad-based experience planning and designing highly complex systems.
• Expert knowledge of industry-accepted data processing controls and concepts; CISSP or equivalent advanced security certifications preferred.

Elevance Health is an Equal Employment Opportunity employer. Applicants requiring accommodation may contact j