
Information Security Architect, Principal
San Francisco, CA

Job Description

Looking for a chance to do meaningful work that touches millions? Come join the hardest working, nonprofit health plan in California and help us shape the future of health care. Blue Shield of California is focused on transforming health care by making it more accessible, affordable and customer-centric. Being a mission-driven organization means we do much more than serve our 3.5 million members: we were the first health plan in the nation to limit our annual net income to 2 percent of revenue and return the difference to our customers and the community, and since 2005 we have contributed more than million to the Blue Shield of California Foundation to improve community health and end domestic violence. We also believe that a healthier California begins with our employees, so we provide them with resources to develop and maintain a healthy lifestyle through our award-winning wellness program, Wellvolution. We're hiring smart thinkers and doers who want to work for a leader and innovator in the challenging, ever-changing healthcare space. Come and help us make health care better for everyone.

Responsibilities:

* Work in the Chief Information Security Officer (CISO) office under the Director of IT Security Architecture to strategize and support a 3-5-year security roadmap. Transform healthcare with business-aligned, agile, repeatable and standardized security technology ready for new emerging threats.
* Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities aligned with business, technology and threat drivers.
* Develop security strategy plans and roadmaps based on sound enterprise architecture practices.
* Develop and maintain security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
* Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
* Influence and communicate effectively with non-technical audiences including senior product and business management
* Participate in application and infrastructure projects to provide security planning advice. Participate in project meetings and Level of Effort estimate forecasts
* Coordinate with DevOps teams to advocate secure coding practices
* Conduct Preliminary Security Assessment Reviews and Security Risk Assessments
* Document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommend controls to ensure adequate protection
* Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risk where applicable.
* Validate security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), security information and event management (SIEM) systems, web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.
* Review security technologies, tools and services, and make recommendations
* Provide leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with the architecture direction and business strategies. Attend change management meetings.
* Works to achieve strategic and operational targets with significant impact on the IT Security Architecture results
* Work across the company to drive adoption of technical standards, design principles and architecture patterns
* Provide technical guidance and mentoring to engineers, designers and developers
* Maintain a broad knowledge of new technology tools and trends, and apply that knowledge to architecture designs
* Have excellent communication skills (written and verbal). Demonstrate strong problem-solving ability and analytical skills. Strong business acumen and a commitment to integrity, process improvement and customer satisfaction
* Represents security interests to project teams by ensuring security standards and requirements are defined as part of the deliverables. Provides input and guidance on adherence to defined security requirements and/or means to address any identified gaps
* Evaluates new products, methods, and technologies to protect against existing and emerging security threats
* Be persuasive in influencing strategic security architecture direction, framing reference architectures and pattern components, specifying policies and standards, driving consensus on target state architectures, and influencing roadmaps

Experience

* At least 12-15 years of related IT security and Security Architecture experience
* Strong understanding of Secure Software Development Lifecycle (S-SDLC) and mobile security
* Knowledge of healthcare industry and industry related technology a strong plus
* General understanding of and familiarity with protecting against web and web services security vulnerabilities, including the OWASP Top Ten and SANS Top Twenty-Five
* Experience in designing, architecting, and implementing complex enterprise applications and infrastructures with security built in
* In-depth understanding and knowledge of network security capabilities and best practices (e.g. IPS/IDS, firewalls, proxies, BYOD, SIEM, wireless security)
* Fundamental working knowledge of industry-standard enterprise architecture models and security frameworks (e.g. TOGAF, NIST.SP.800-53r4, ISO 27002, SABSA, HIPAA, HITECH, PCI-DSS)

Qualifications:

* Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
* CISSP (required), CCSP, CISM, TOGAF or other security and/or Enterprise Architecture methodology certifications.
* Information Technology Infrastructure Library (ITIL) or Project Management Institute (PMI) / PMP preferred
