Senior Security Architect
11 - 15 years experience • Business Services
Senior Security Architect - 17002JK
Looking for a chance to do meaningful work that touches millions? Come join the hardest working, nonprofit health plan in California and help us shape the future of health care. Blue Shield of California’s Mission is to ensure all Californians have access to high-quality care at an affordable price. Blue Shield is focused on improving health care delivery by working closely with providers and making it more accessible, affordable and customer-centric. Being a mission-driven organization means we do much more than serve our 4 million members: we were the first health plan in the nation to limit our annual net income to 2 percent of revenue and return the difference to our customers and the community, and since 2005 we have contributed more than $325 million to the Blue Shield of California Foundation to improve community health and end domestic violence. We also believe that a healthier California begins with our employees, so we provide them with resources to develop and maintain a healthy lifestyle through our award-winning wellness program, Wellvolution.
We're hiring smart thinkers and doers who want to work for a leader and innovator in the challenging, ever-changing healthcare space. Come and help us make health care better for everyone.
We have an immediate opening for a Senior Security Architect within our Security Architecture team. The Senior Security Architect is responsible for helping to establish the vision, strategy, and roadmap for Blue Shield’s security methodology and capabilities inclusive of technology, procedures and people.
The Senior Security Architect provides security consulting support to business and project teams as to risk assessments and security controls, ensure architectural alignment relative to meeting defined security requirements and working to promote business enablement while maintaining an appropriate security posture relative to risk. The Senior Security Architect also works to identify opportunities for standardization of security controls and practices across the enterprise rather than point solutions with the objective of making security, including technologies, processes and people, an intrinsic competency rather than an afterthought in addressing business and IT needs.
The ideal candidate will be a key member of the IT Security Architecture organization responsible for applying architecture standards and principles to all aspects of the organization. The candidate will be expected to be pragmatic, well organized, and results oriented in every aspect of your work. We are looking for self-starters who are comfortable making good decisions and formulating creative solutions to business and operational problems as well as overall risk identification and mitigations.
Specific Security Architecture responsibilities include, but not limited to, the following:
- Provide leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with the architecture direction and business strategies
- Highly collaborative -- work across the company to drive adoption of technical standards, design principles and architecture patterns
- Provide technical guidance and mentoring to engineers, designers and developers
- Develop Enterprise Architecture documents / artifacts from templates working with extended IT and Business teams
- Identify architectural risks and plans to mitigate risks, ensure adherence to standards and best practices
- Influences and communicates effectively with non-technical audiences including senior product and business management
- Maintain a broad knowledge of new technology tools and trends, and apply that knowledge to architecture designs
- Wide knowledge of architecture standards and patterns, a passion for advocating their correct usage
- Provide assessment of current state architecture and recommendation of future state Conducts security & vendor (Cloud) risk assessments as required
- Ensures compliance with regulatory and industry standards for infrastructure and information system security
- Represents security interests to project teams by ensuring security standards and requirements are defined as part of the deliverables. Provides input and guidance on adherence to defined security requirements and/or means to address any identified gaps
- Evaluates new products, methods, and technologies to protect against existing and emerging security threats
- Provides project consulting, evaluating proposed solutions including vendor products for IT security risks and working to define and push for standards, identify gaps and apply compensating controls as deemed necessary
- Participates in the development of IT Security strategies, policies and standards
- Collaborates with business and project teams to ensure third party applications and services comply with our policies and principles
- Monitors the external application security threat landscape and recommends proactive actions to reduce risk to the enterprise
- Participates in driving encryption strategy and standards plus evaluates encryption solutions
- At least 10-15 years’ experience as security architect or equivalent
- experience plus demonstrated ability to perform a risk-based approach to securing applications, databases or infrastructure based upon IT and business needs
- Experience in designing, architecting, and implementing complex enterprise applications, infrastructures, platforms and systems with security built in
- Understanding of software development methodologies and the security controls needed to support secure SDLC principles
- Have excellent communication skills (written and verbal)
- Demonstrate strong problem solving ability and analytical skills
- Fundamental working knowledge of industry-standard enterprise architecture models (e.g. TOGAF, NIST, SABSA) and approaches
- General understanding and familiarity with protecting against web and web services security vulnerabilities including the OWASP Top Ten and the SANS Top Twenty Five software errors
- Knowledge of HIPAA, HITECH, PCI-DSS, ISO 2700X and proper application of the Security and Privacy Rules.
- Strong business acumen and a commitment to integrity, process improvement and customer satisfaction
- Broad understanding of distributed, highly-available computing environments, and proactively addressing threats and vulnerabilities at all layers
- Knowledge and experience with securing virtualized platforms and VMWare ESX highly desired
- Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
- CISSP, CCSP, CISM or other security and/or Enterprise Architecture methodology certifications preferred
- Knowledge of healthcare industry and industry related technology would be a strong plus