IT Architect Senior
Ref No.: 17-00992
Location: San Francisco, California
Start Date: 08/23/2017
The Senior Security Architect provides security consulting support to business and project teams on risk assessments and security controls, ensures architectural alignment with defined security requirements, and works to promote business enablement while maintaining an appropriate security posture relative to risk. The Senior Security Architect also works to identify opportunities for standardization of security controls and practices across the enterprise rather than point solutions, with the objective of making security, including technologies, processes and people, an intrinsic competency rather than an afterthought in addressing business and IT needs.

This role will focus on security matters across all aspects of the enterprise including the development and/or acquisition of applications, databases and systems solutions that are responsive to business needs, address the technical requirements and are aligned with company security strategies, policies and standards. This position plays a key role in helping to drive for maturation and effectiveness of our security controls while working to maintain a balanced approach commensurate with risk.

The ideal candidate will be a key member of the IT Security Architecture organization responsible for applying architecture standards and principles to all aspects of the organization. The candidate will be expected to be pragmatic, well organized, and results oriented in every aspect of their work. We are looking for self-starters who are comfortable making good decisions and formulating creative solutions to business and operational problems as well as overall risk identification and mitigations.
Specific Security Architecture responsibilities include, but are not limited to, the following:
  • Provide leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with the architecture direction and business strategies
  • Highly collaborative -- work across the company to drive adoption of technical standards, design principles and architecture patterns
  • Provide technical guidance and mentoring to engineers, designers and developers
  • Develop Enterprise Architecture documents / artifacts from templates working with extended IT and Business teams
  • Identify architectural risks and plans to mitigate risks, ensure adherence to standards and best practices
  • Influences and communicates effectively with non-technical audiences including senior product and business management
  • Maintain a broad knowledge of new technology tools and trends, and apply that knowledge to architecture designs
  • Wide knowledge of architecture standards and patterns, a passion for advocating their correct usage
  • Have excellent communication skills (written and verbal)
  • Demonstrate strong problem solving ability and analytical skills
  • Provide assessment of current state architecture and recommendation of future state architecture
  • Documenting and publishing the portfolio application reference architecture, and guidelines and standards for designing and developing target state capabilities
  • Key member of the Enterprise Architecture Review Board (EARB) for architecture governance

Specific Security Architecture responsibilities include, but are not limited to, the following:
  • Strives to establish and foster positive working relationships and partnership across IT Security, business and project teams focused toward security being an enabler and BSC imperative to protect our member's information by doing "the next right thing"
  • Conducts security & vendor (Cloud) risk assessments as required
  • Ensures compliance with regulatory and industry standards for infrastructure and information system security
  • Represents security interests to project teams by ensuring security standards and requirements are defined as part of the deliverables. Provides input and guidance on adherence to defined security requirements and/or means to address any identified gaps
  • Evaluates new products, methods, and technologies to protect against existing and emerging security threats
  • Provides project consulting, evaluating proposed solutions including vendor products for IT security risks and working to define and push for standards, identify gaps and apply compensating controls as deemed necessary
  • Participates in the development of IT Security strategies, policies and standards
  • Collaborates with business and project teams to ensure third party applications and services comply with our policies and principles
  • Monitors the external application security threat landscape and recommends proactive actions to reduce risk to the enterprise
  • Participates in driving encryption strategy and standards plus evaluates encryption solutions

Experience
  • At least 10-15 years of related IT security and Security Architecture experience plus demonstrated ability to perform a risk-based approach to securing applications, databases or infrastructure based upon IT and business needs
  • Experience in designing, architecting, and implementing complex enterprise applications, infrastructures, platforms and systems with security built in
  • Understanding of software development methodologies and the security controls needed to support secure SDLC principles
  • In-depth understanding and knowledge of network security capabilities and best practices (e.g. IPS/IDS, firewalls, proxies, BYOD, wireless security)
  • Excellent written and verbal communication skills with strong relationship building skills
  • Persuasive in influencing strategic security architecture direction, framing reference architectures and pattern components, specifying policies and standards, drive consensus on target state architectures, and influence roadmaps
  • Skilled in applying strategic architecture direction to project delivery using standard engagement methods
  • Fundamental working knowledge of industry-standard enterprise architecture models (e.g. TOGAF, NIST, SABSA) and approaches
  • General understanding and familiarity with protecting against web and web services security vulnerabilities including the OWASP Top Ten and the SANS Top Twenty Five software errors
  • Knowledge of HIPAA, HITECH, PCI-DSS, ISO 2700X and proper application of the Security and Privacy Rules. Preferred knowledge of the HITRUST Common Security Framework and more prescriptive security requirements and controls
  • Strong business acumen and a commitment to integrity, process improvement and customer satisfaction
  • Broad understanding of distributed, highly-available computing environments, and proactively addressing threats and vulnerabilities at all layers
  • Experience with TCP/IP and related protocols
  • Knowledge and experience with securing virtualized platforms and solutions like IBM Portal Framework and VMware ESX highly desired

Job Additional Education/Experience
  • Knowledge of healthcare industry and industry related technology would be a strong plus
  • Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
  • Ability to rise above the security related FUD and focus on specific work priorities and execution with positive outcomes
  • CISSP, CCSP, CISM or other security and/or Enterprise Architecture methodology certifications preferred

This candidate should demonstrate the following behaviors:
  • Shows willingness and aptitude to use own discretion in taking appropriate steps in finding solutions to problems; presents options and ideas to enhance current processes or procedures. Takes on additional responsibility when both big and small tasks need to be done
  • Firmly adheres to the values and ethics of company. Exhibits honesty, discretion, and sound judgment – able to make the security call on an issue
  • Willing to work with others, collaborating and compromising where necessary; promptly share relevant information with others
  • Is open to changing situations and opportunities and is willing to perform all tasks assigned
  • Able and willing to perform tasks and duties without supervision
  • Maintains a positive "can-do" outlook, rebounds quickly from frustrations, and maintains composure and friendly demeanor while dealing with demanding situations
Internal/External Groups with which the Candidate will interface: Service Marketplace (SMP) ServiceNow ticket requesters
Will this candidate interface with IT and business teams? If so, which ones? Application development, Infrastructure Teams, Data management, databases, Cyber Defense Center (CDC), Incident Management, Security Risk and Governance, IT compliance
How does this project impact the line of business or the company as a whole? Provides the necessary security posture control recommendation and elevation required to protect data
Required Skills (top 3 to 5 / non-negotiables):
  1. Provide leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with the architecture direction and business strategies
  2. Provide technical guidance and mentoring to engineers, designers and developers. Develop Enterprise Architecture documents / artifacts from templates working with extended IT and Business teams
What you like to see on resumes? (nice to have):
  1. Knowledge of healthcare industry and industry related technology would be a strong plus
  2. General understanding and familiarity with protecting against web and web services security vulnerabilities including the OWASP Top Ten and the SANS Top 20 controls. NIST.SP.800-53r4 background
  3. Knowledge of HIPAA, HITECH, PCI-DSS, ISO 2700X and proper application of the Security and Privacy Rules. Preferred knowledge of the HITRUST Common Security Framework and more prescriptive security requirements and controls
Disqualifiers or Dislikes on Resumes:  
Education Requirement: Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
Required Testing:  
Software Skills Required:  
Required Certifications: CISSP, CCSP, CISM or other security and/or Enterprise Architecture methodology certifications