Excellus BCBS
Info Security Architect II - 012683 (Information Technology)
Essential Responsibilities/Accountabilities:
Participates in development and implementation of security architecture principles and standards that align to the Company's overall business and strategy.
Drives adoption and compliance of security standards across development and infrastructure teams both inside of and under contract with the Company.
Creates functional and technical security requirements and sees them through the project lifecycle.
Executes an overall risk management strategy with key business and IT stakeholders. This risk management strategy will include enterprise integration of risk management into operational, regulatory/statutory, financial, technical, and security processes, including the creation of robust disaster recovery and/or business continuity plans.
Performs risk-based assessments of solutions and vendors to ensure appropriate security controls are adhered to.
Provides security consulting, including design, reviews, and recommendations, for various projects and initiatives.
Supports the team by providing hands-on support for technologies owned and operated by the security and risk department.
Establishes collaborative working relationships with the businesses, other IT functions and subsidiaries to ensure that Information Security risks are managed, and IT solutions align with the business strategy.
Develops the appropriate processes, standards, and templates for managing information security risks. Supports the implementation of new standards and solutions in close collaboration with other IT teams to allow Company to efficiently and effectively protect company's information assets (applications and infrastructure solutions).
Provides state-of-the-art technical experience and support to in-house enterprise architects, solution architects, and developers.
Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies' mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures
Regular and reliable attendance is expected and required.
Performs other functions as assigned by management.
Level II (in addition to Level I):
Leads the development and implementation of security architecture principles and standards that align to the Company's overall business and strategy.
Helps develop an overall risk management strategy with key business and IT stakeholders.
Fosters a risk management culture through education, skill development, and implementation of effective risk management processes and practices.
Mentors lower level staff.
Minimum Qualifications:
BS degree in Computer Science, Information Technology, or a related field from an accredited college/university and a minimum of 5 years of experience in an IT Security Role.
Exceptional communication (both verbal and written) and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
Strong people skills, collaborative ability to work with non-IT stakeholders inside and outside of Company.
Direct experience with as many of the following applications or enterprise security components as possible:
Identity and access management architecture and implementation, user provisioning/de-provisioning, single sign-on
Enterprise directories (AD and LDAP)
Multi-factor authentication
Network and application level security and encryption
Security event management
Firewall architecture and design
Cloud Security Controls
Web server security
Application security
PKI system implementation
Data loss prevention systems and implementation
Intrusion detection and prevention systems for network and host systems
Remote access security controls
Mobile security
Expert knowledge of TCP/IP protocols, broad and deep conceptual understanding of how Applications, Application Platforms, Operating Systems and Networks function.
Experience with shell scripting, Perl, other scripting language, or with any programming language such as Java, C++, or C.
Familiarity with Sarbanes Oxley, HIPAA, HCFA, PCI/DSS and other regulations impacting security (with ISO27001 and NIST security standards) is preferred, as well as, COBIT and COSO familiarity.
Demonstrated ability to work with a diverse team and assist in developing and shaping the company's Security Architecture.
It requires an individual with sound judgment, proven relationship management skills and the ability to support security architecture aspects of business and IT initiatives.
Highly organized, able to manage multiple concurrent work streams.
Understanding of process and its benefits in a maturing IT environment.
Ability to quickly familiarize with newer security technologies, their implementation requirements, and how to integrate the technologies into a larger corporate solution.
Ability to translate real-world threats into actionable security tasks by balancing functionality and performance needs with prudent security measures. This includes having a thorough understanding of the ramifications of various system security decisions.
Level II (in addition to Level I):
BS degree in Computer Science, Information Technology, or a related field from an accredited college/university and a minimum of 7 years of experience in an IT Security Role.
Prior experience with architecture processes, strategies and standards is required.
Experience coordinating vendor solution delivery and partnering effectively with vendors to meet business needs.
At least one security industry certification (i.e., CISSP, CISA, CISM, SANS).
Ability to travel across the region as needed.
************
The Lifetime Healthcare Companies aims to attract the best talent from diverse socioeconomic, cultural and experiential backgrounds, to diversify our workforce and best reflect the communities we serve.
Our mission is to foster an environment where diversity and inclusion are explicitly recognized as fundamental parts of our organizational culture. We believe that diversity of thought and background drives innovation which enables us to provide leading-edge healthcare insurance and services. With that mission in mind, we recruit the best candidates from all communities, to diversify and strengthen our workforce.
OUR COMPANY CULTURE:
Employees are united by our Lifetime Way Values & Behaviors that include compassion, pride, excellence, innovation and having fun! We aim to be an employer of choice by valuing workforce diversity, innovative thinking, employee development, and by offering competitive compensation and benefits.
In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.
Equal Opportunity Employer
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
Non Manager