IS System Assurance Principal

Kaiser Permanente

Atlanta, GA

Industry: Patient Care

5 - 7 years

Posted 395 days ago

Description: This role serves as a subject matter expert in performing complex security test data analysis in support of security vulnerability assessment processes, including root cause analysis. This role recommends and advocates for enterprise security process improvements which align with sustainable best practices and provides insight and influence to executive management and business leaders on how to integrate security requirements with current systems. In addition, this position drives continuous process improvement by leading the development, implementation, and maintenance of standardized security tools, templates, and processes.

Essential Responsibilities:

  • Drives the execution of multiple work streams by identifying customer and operational needs; developing and updating new procedures and policies; gaining cross-functional support for objectives and priorities; translating business strategy into actionable business requirements; obtaining and distributing resources; setting standards and measuring progress; removing obstacles that impact performance; guiding performance and developing contingency plans accordingly; solving highly complex issues; and influencing the completion of project tasks by others.
  • Practices self-leadership and promotes learning in others by soliciting and acting on performance feedback; building collaborative, cross-functional relationships; communicating information and providing advice to drive projects forward; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership; influencing, mentoring, and coaching team members; fostering open dialogue amongst team members; evaluating and responding to the strengths and weaknesses of self and unit members; and adapting to and learning from change, difficulties, and feedback.
  • Effectively communicates investigative findings to non-technical audiences.
  • Participates in budgeting and capital planning both at the project/program and annual business cycle levels.
  • Collaborates with HR, cybersecurity leadership, and talent management to develop or enhance security consultant learning and development programs.
  • Evaluates existing security consultant resources to determine coverage of the necessary skills and knowledge required to meet ongoing business demands and develop strategies to address talent gaps.
  • Ensures security consultant resources are assigned in consideration of team member skills, development needs, and project requirements by facilitating and managing partnerships between consultants, Program/Project Managers, and other IT planning leaders to drive short-term workforce planning efforts.
  • Communicates lessons learned and feedback to security teams, leadership, and the larger information security community.
  • Drives continuous process improvement by leading the development, implementation, and maintenance of standardized security tools, templates, and processes across the enterprise.
  • Recommends and advocates for additional data and/or services needed to address key business issues related to process or solutions design.
  • Defines KPIs and ensures the ongoing tracking of performance metrics.
  • Provides insight and influence to executive management and business leaders on how to integrate security requirements with current systems and business processes across the enterprise.
  • Defines the impact of requirements on upstream and downstream solution components.
  • Recommends and advocates for enterprise security process improvements which align with sustainable best practices, and the strategic and tactical goals of the business.
  • Serves as a subject matter expert in performing complex security test data analysis in support of security vulnerability assessment processes, including root cause analysis.
  • Reviews and provides QA of regular security reports from the assessment team (e.g., status updates, risk assessment reports, remediation reports) and generates high-level themes for executive reporting.
  • Validates security test scenarios across various SDLC phases (e.g., development, reproduction, production) for critical projects.
  • Reviews and provides technical sign off on testing scope and approach for complex security testing initiatives.
  • Leads the development of security testing strategies, methodologies, and standard processes for large-scale, complex IT initiatives spanning multiple information security domains.
  • Oversees, addresses, and serves as an escalation point on critical issues, dependencies, and risks related to security testing.
  • Researches, leverages, and builds upon industry trends, best practices, and cutting edge techniques to creatively discover and exploit vulnerabilities in technology systems.
  • Leads and oversees the development and documentation of comprehensive business cases to assess the costs, benefits, ROI, and Total Cost of Ownership (TCO) of highly unique or complex solution proposals.
  • Leads a team in the development of requirements for security system solutions which may span multiple business domains by leveraging partnerships with stakeholders and appropriate teams.


Minimum Qualifications:

  • Minimum five (5) years in an informal leadership role working with project or technical teams.
  • Bachelor's degree in Business Administration, Computer Science, Social Science, or related field and minimum ten (10) years experience in information security, network engineering, or system administration, including minimum five (5) years performing security assessments across multiple IT environments. Additional equivalent work experience may be substituted for the degree requirement.


Preferred Qualifications:

  • Two (2) years managing operating budgets and/or project financials.
  • Three (3) years of work experience in a role requiring interaction with executive leadership (e.g., Vice President level and above)
  • Five (5) years experience working on cross-functional project teams
  • Three (3) years experience working for a health care organization
  • Five (5) years work experience requiring the development of technical documents or presentations.
  • Five (5) years experience in large scale software implementations
  • Five (5) years experience in IT risk management, governance, or compliance.
  • Five (5) years experience in asset management.
  • Five (5) years experience in IT data analytics.
  • Six (6) years experience in cybersecurity threat and/or vulnerability research.
  • Five (5) years experience in software or systems programming and/or scripting.
  • Five (5) years experience working with technical configuration testing methodologies.
  • Five (5) years experience working in a large matrixed organization.
  • Five (5) years experience working in virtual testing environments.
  • Three (3) years experience in capacity planning and management.
  • Master's degree in Business Administration, Computer Science, Social Science or related field.
  • CISSP certification.
  • CISM certification.

Job Number: 631073