Senior Director, Carelon Business Information Security Officer

Anticipated End Date:

2025-07-19

Position Title:

Senior Director, Carelon Business Information Security Officer

Job Description:

Senior Director, Carelon Business Information Security Officer

Location: This role requires associates to be in-office 3 days per week, fostering collaboration and connectivity, while providing flexibility to support productivity and work-life balance. This approach combines structured office engagement with the autonomy of virtual work, promoting a dynamic and adaptable workplace. Alternate locations may be considered.

The Senior Director, Carelon Business Information Security Officer is responsible for leading and managing direction of information system and programming activities. Directs multiple work functions or major projects/programs with broad scope and strategic business impact.

How you make an impact:

• Act as the primary Information Security leader and representative of the CISO for Carelon Services.
• Ensure alignment of cybersecurity strategy with business objectives across service lines.
• Implement and continuously enhance the Information Security framework within Carelon, adapting governance and controls to the unique operational, technological, and compliance landscape of Carelon Services.
• Partner closely with Carelon business leaders, the CISO, enterprise IT, and risk/compliance teams to proactively identify and address security and privacy risks in service delivery, third-party relationships, and digital infrastructure.
• Translate complex cybersecurity threats, data protection challenges, and emerging risks into actionable insights for senior Carelon executives, promoting informed risk-based decision making.
• Foster a culture of proactive risk management across Carelon’s technology and operations teams, embedding secure-by-design principles in business processes and digital innovation.
• Design and lead a forward-looking security roadmap tailored for Carelon Services, ensuring alignment with regulatory requirements, industry standards, and organizational goals.
• Validate that all technical and procedural security controls within Carelon uphold the confidentiality, integrity, and availability of systems, while complying with HIPAA, HITRUST, and other healthcare-specific frameworks.
• Advise Carelon leadership on security risks tied to service offerings, client obligations, and operational processes, with a focus on continuous improvement and risk reduction.
• Advocate for Information Security priorities throughout Carelon’s transformation initiatives, including cloud migrations, AI/ML applications, and healthcare data exchange.
• Oversee the creation of tailored documentation, job aids, and security awareness training for Carelon staff, ensuring materials are accessible and effective for non-technical audiences.
• Lead the triage and resolution of Information Security issues within Carelon, coordinating efforts across enterprise security, operations, and shared services to drive swift remediation.
• Balance security resource allocation with business demand across Carelon, optimizing the use of shared cybersecurity services while meeting evolving business needs.
• Recruit, coach, and develop high-performing security professionals assigned to Carelon, promoting a culture of accountability, learning, and career growth.

Minimum Qualifications:

• Requires an BA/BS degree in Information Technology, Computer Science or related field of study and a minimum of 8 years of IT management experience, experience in function/area being managed, experience managing multiple tasks and projects; or any combination of education and experience, which would provide an equivalent background. Experience, expertise and/or specific certification may be required

Preferred Skills, Capabilities and Experiences:

• Health insurance industry experience strongly preferred.
• CISSP, CISM, or equivalent certification nice to have.
• Proven experience in bridging cybersecurity strategy with business objectives, enabling secure and compliant growth through risk-informed decision-making.
• Strong understanding of enterprise security architecture, regulatory frameworks (e.g., HIPAA, HITRUST, NIST, ISO 27001), and emerging threat landscapes, with the ability to interpret and apply them in complex business environments.
• Demonstrated success in building partnerships across business units, IT, and security teams, acting as a trusted advisor to senior leadership and translating technical risks into business impact.
• Experience leading or influencing enterprise-wide initiatives such as risk assessments, incident response coordination, cloud security reviews, or secure product development lifecycles (DevSecOps).
• Excellent communication and executive presence, with the ability to present security postures, risk summaries, and investment justifications to senior stakeholders in a concise and actionable format.

Job Level:

Director

Workshift:

1st Shift (United States of America)

Job Family:

IFT > IT Tech Strategy

Please be advised that Elevance Health only accepts resumes for compensation from agencies that have a signed agreement with Elevance Health. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Elevance Health.

Who We Are

Elevance Health is a health company dedicated to improving lives and communities – and making healthcare simpler. We are a Fortune 25 company with a longstanding history in the healthcare industry, looking for leaders at all levels of the organization who are passionate about making an impact on our members and the communities we serve.

How We Work

At Elevance Health, we are creating a culture that is designed to advance our strategy but will also lead to personal and professional growth for our associates. Our values and behaviors are the root of our culture. They are how we achieve our strategy, power our business outcomes and drive our shared success - for our consumers, our associates, our communities and our business.

We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few.

Elevance Health operates in a Hybrid Workforce Strategy. Unless specified as primarily virtual by the hiring manager, associates are required to work at an Elevance Health location at least once per week, and potentially several times per week. Specific requirements and expectations for time onsite will be discussed as part of the hiring process.

The health of our associates and communities is a top priority for Elevance Health. We require all new candidates in certain patient/member-facing roles to become vaccinated against COVID-19 and Influenza. If you are not vaccinated, your offer will be rescinded unless you provide an acceptable explanation. Elevance Health will also follow all relevant federal, state and local laws.

Elevance Health is an Equal Employment Opportunity employer, and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. Applicants who require accommodation to participate in the job application process may contact elevancehealthjobssupport@elevancehealth.com for assistance. Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state, and local laws, including, but not limited to, the Los Angeles County Fair Chance Ordinance and the California Fair Chance Act.