Anthem, Inc. Cloud Information Security Advisor in Atlanta, Georgia
SHIFT: Day Job
Be part of an extraordinary team We are looking for leaders at all levels of the organization who are passionate about making an impact on our members and the communities we serve. You will thrive in a complex and collaborative environment where you take action and ownership to solve problems and lead change. Do you want to be part of a larger purpose and an evolving, high-performance culture that empowers you to make an impact?
This is a work from home employment opportunity.
Develops strategic and tactical plans for a comprehensive enterprise-wide information security program. Leads the development of policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls.
As a Cloud Security Executive Advisor you will combine your strong cloud background OR diverse experience within cloud platform and application security to provide cloud systems security solutions expertise in an advisory capacity. Strong understanding of cloud security requirements in regulated industry. Preferred hands-on experience with cloud technology AWS, GCP, Azure.
Apply Cloud Security Alliance (CSA) and Cloud Controls Matrix (CCM) to help establish, validate and monitor Cloud Security Controls, deliver security guidance and consults, and share input considerations that can evolve security compliance, adherence to technical requirements methodology, program capabilities and focused maturity.
Primary duties may include, but are not limited to:
Cloud services provisioning within the enterprises with proper administration, management, validation and oversight
Security baselines and guidance are integrated into business awareness and requirements
Compliance models for hybrid multi-tenant and multi-cloud provider environments
Data protected at rest and in transit as a standard
Support consistent Cloud IAM strategy, implementation and remediation oversight
Incident Response Rapid identification of incidents and recovering from Cloud breaches
Accountable for measuring adherence, risks and growing effective partnerships with peer teams and stakeholders to drive secure design, implementation and orchestration of complex, multi-product security solutions for enterprise cloud systems
Participate in architecture and security control reviews as part of the program lifecycle
Document and communicate where automatic provisioning of native cloud services, business application systems and adherence monitoring are and are not governed and controlled by security automation, standards, roles and policies
Help accelerate shift to Cybersecurity ‘Prevention and Detection’ in the support of architecture designs and planning for information and network security technologies
Provide technical guidance and support to business and technology associates in adherence assessments and implementation of appropriate information security procedures, standards and technologies
Maintain security mitigation and remediation plans; represent major upgrades and business system replacements in change control
Design & engineer prescriptive templates, repeatable technical solutions based on business requirements and defined technology standards; develops support procedures and performance metrics reports
Provide technical security guidance and leadership to technologists within the organization
Propose opportunities to improve security outcomes and reduce risks based on targeted or continuous assessments
Routinely act as a subject matter expert among peers, managers and senior management
Develop reports supporting adherence to prescribed standards, security absolutes and risk-based measures for Cloud Security Governance
Leads development of an information security risk management program that includes business, regulatory, industry practices and technical environment considerations;
Establishes strategic vendor relationships for security products and services;
Develops enterprise-wide security incident response plans and strategies that includes integration with business, compliance, privacy, and legal constituents and requirements;
Creates presentations and seeks IT and business management approval and acceptance of significant replacements or reconfigurations of major security technologies serving the Enterprise.
Provides technical guidance and leadership to the technical engineers within the organization.
Requires BS/BA in Information Technology or related field of study and a minimum of 10 years experience in systems administration and security aspects of information systems, access management and network security technologies, network communications, computer networking, telecommunications, systems development and management, hardware, software, data, and people; experience with multiple technical and business disciplines required; or any combination of education and experience, which would provide an equivalent background.
2+ years of technical security tooling in commercial cloud environments OR Diverse experience within Platform security and applications experience to enable native cloud solutions
2+ years of configurations in cloud platforms and expertise of AWS security stack e.g. CloudTrail, CloudWatch, GuardDuty, Shield Advanced, IAM policies
Minimum 2 years of experience supporting any cloud environment with multifactor authentication, Container Security technologies and CASB
Preferred Skills, Experiences and Competencies
Broad-based experience to plan and design highly complex systems is strongly preferred.
Expert knowledge and understanding of industry-accepted data processing controls and concepts strongly preferred as applied to Security
Experience or substantial knowledge in supporting competencies in cloud security standards and controls
Strong working knowledge and technical support experience in application development lifecycle, DevOps CI, DevOps CD or DevOps/CICD
Experience and working knowledge of application security testing, specifically SCA, SAST, DAST and Manual Penetration Testing
Technical security training and experience in any of the following cloud provider services – AWS, Azure, Google Cloud
Security Certifications: CISSP preferred, CCSP and other advanced technical security certifications (e.g. Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation or equivalent certifications); any level of training on Amazon Web Services (AWS), Cloud Security Alliance (CSA) Controls Matrix and CIS benchmarks
Demonstrate knowledge of security best practices, policies and standards to design highly secure public and private cloud architectures that support application services in-scope of HIPAA, PII and PCI regulations
Consultative presentations and guidance engagements with technology teams, business application owners and technology partners
Agile or SAFe Agile team experience for complex deliverables in matrixed environments
We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few. The health of our associates and communities is a top priority for Anthem. We require all new candidates to become vaccinated against COVID-19. If you are not vaccinated, your offer will be rescinded unless you provide – and Anthem approves – a valid religious or medical explanation as to why you are not able to get vaccinated that Anthem is able to reasonably accommodate. Anthem will also follow all relevant federal, state and local laws. Anthem, Inc. has been named as a Fortune Great Place To Work in 2021, is ranked as one of the 2021 World’s Most Admired Companies among health insurers by Fortune magazine, and a Top 20 Fortune 500 Companies on Diversity and Inclusion. To learn more about our company and apply, please visit us at careers.antheminc.com. Anthem is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. Applicants who require accommodation to participate in the job application process may contact firstname.lastname@example.org for assistance.