Information Protection Associate Advisor - HIH - Evernorth

Information Protection Associate Advisor - HIH - Evernorth

Position Summary:

The Security Architect role will report to the Senior Director of CIP Global Security Architecture and will be responsible for the development and maintenance of the Enterprise Security Architecture documents that comprise the security guidance library to support the enterprise security frameworks which consist of; Security Architecture Requirements, Design Patterns and Reference Architecture documents. This role engages with strategic initiatives and enterprise solutions in the development of security guidance and requirements that aims to better protect the confidentiality, integrity, availability, and privacy of the technology and data of the enterprise.

Experience Required:

• 8+ years’ experience in information technology

  • 5+ years’ experience in an information security architecture or similar role

  • 3+ years administrating and configuring IT systems

• Practical experience in the application of security controls in security engineering, design, or developing reference architectures: NIST 800-53r(4/5), ISO 27001 Annex A / ISO 27002, Cloud Security Alliance – Cloud Controls Matrix (CCM v4), Center for Internet Security – Critical Security Controls (v7/8)

• UML diagramming using tools such as MS Visio

Job Description & Responsibilities:

• Monitor current and future security trends, changes in the business and business environment, as well as the evolving regulatory landscape and incorporate emerging trends into security architecture guidance and input into strategic planning.

• Produce written technical documentation and reports; develop presentations on security approaches and solutions.

• Maintain a centralized Information Security Architecture data repository that includes reference architectures, security design patterns, security requirements, and other security reference material.

• Provide technical and security expertise to IT and business teams with a focus on developing the reference architectures, design patterns and associated security standards that ensure the protection of the corporate assets, brand, and data.

• Solid understanding of security protocols, cryptography, authentication, authorization, and other information security controls and associated best practices.

• Proven ability to influence other key IT and engineering constituents on the opportunity and appropriate use of security patterns and frameworks.

• Excellent written and verbal communication skills as well as business acumen.

• Strong work ethic and sense of urgency.

• Other job duties as assigned.

Experience Desired:

• Security architecture certification (SABSA) or Architecture certification (TOGAF).

• Experience with threat modeling (all OSI layers), security analysis

• Familiarity with Security life cycle, design review across concept, development through deployment

• Solid understanding of services and capabilities delivered by mainstream cloud service providers.

Education and Training Required:

• BA/BS degree in MIS/Computer Science or related degree required.

• Professional Certification/Training such as:

  • Certified Information Systems Security Professional (CISSP)

  • SANS GIAC Certification(s)

Primary Skills:

• Written Communication

  • Produce written technical documentation and reports that will be consumed by partners in the U.S. and throughout the global enterprise.

• Verbal Communication

  • Ability to communicate with and influence a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements.

  • Presenting security concepts to technical and non-technical audiences in-person and online video conferencing

• Time Management

• Relationship Management

• Self-Starter

About Evernorth Health Services