Position Summary: We are seeking a highly skilled and experienced Product Security Strategy Senior Advisor, who will also act as a mentor to our team in HIH, to lead and mature our application and product security team. This role is pivotal in driving the overall maturity of our product security program, ensuring robust security measures are integrated into our development processes, and providing direct line management for team members in the HIH region. This individual will work on several of the largest technology initiatives for Evernorth, aimed at revolutionizing health services and the healthcare delivery system in the United States, utilizing the latest technologies and development techniques. Job Description & Responsibilities: Lead and manage the product security strategy team, focusing on the overall maturity and effectiveness of the application and product security program. Act as the direct line manager for security team members in the HIH region, providing guidance, support, and career development. Develop and implement long-term strategic security initiatives to continuously improve our security posture and innovate within the product security space. Oversee and guide the development and implementation of secure software and systems architectures. Collaborate with cross-functional teams to identify security requirements and develop comprehensive security strategies. Conduct security assessments, threat modeling, and vulnerability analysis to ensure robust security measures are in place. Oversee product security incident response activities, ensuring timely and effective resolution of security incidents and incorporating lessons learned into future strategies. Foster strong communication and relationship-building skills to negotiate and influence across various levels of the organization. Ensure compliance with industry standards and regulatory requirements. Mentor and develop team members, promoting a culture of continuous learning and improvement. Drive the integration of security practices into all stages of the product development lifecycle. Maximize the security efficiency (operational, performance, and cost) of the application assets. Advocate for and implement innovative security solutions to address emerging threats and vulnerabilities. Lead efforts to standardize security practices across the organization, promoting consistency and best practices. Collaborate with external partners and industry groups to stay abreast of the latest security trends, threats, and technologies. Experience Required: Bachelor s or Master s degree in Computer Science, Information Security, or a related field. 13 years of experience in cybersecurity, with a focus on application and product security. Proven expertise in automating security solutions within development pipelines (CI/CD). Extensive experience in threat modeling, architecture reviews, and vulnerability management. Strong understanding of various pipeline touchpoints and integration methods. Cloud experience (AWS, Azure, Google Cloud, OCI) is highly desirable. Familiarity with modern security technologies, practices, and standards. Strong knowledge of secure software development practices and principles. Industry certifications such as CISSP, CISM, CEH, or similar are preferred. Excellent leadership and team management skills. Strong communication, relationship-building, and negotiation skills. Ability to work effectively in an Agile environment. Experience Desired: Experience with security tools and platforms such as static analysis (SAST), dynamic analysis (DAST), and runtime application self-protection (RASP). Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCI-DSS). Hands-on experience with security automation and orchestration. Proficiency in programming and scripting languages relevant to security (e.g., Python, Java, Shell scripting). Ability to manage and prioritize multiple projects in a fast-paced environment. Education and Training Required: Advanced degree (Master s or higher) in Computer Science, Information Security, or a related field. Relevant industry certifications. Additional training in secure software development, application security, and risk management is highly desirable. Primary Skills: Advanced expertise in secure software development practices, application security, and security tool integration. Proficiency in Angular and Java for security-related software development and integration. Additional Skills: Extensive experience with AWS and other cloud platforms, with a focus on securing cloud-based applications and services. Hands-on experience with application security frameworks and tools, including security automation and orchestration.
