Lead Cloud Security Architect
We are searching for experienced Cloud Security Architects who can utilize solid business knowledge and expert technical experience in security to help develop strategy, roadmap and execution for our Cloud Security program. As an architect you will assist in the identification, analysis, evaluation, life-cycle management, and adoption of security technologies in Cloud environments that support business requirements and align with architecture standards and patterns. You will support the secure and efficient migration of enterprise services to the Cloud, while ensuring optimal security posture of existing on-premise services.
Works closely with all areas of Enterprise Information Protection (EIP)’s, business units, and strategic partners and vendors to ensure security initiatives are in line with all other key initiatives that may have interdependencies. Supports project teams to recommend technology and control alignments and reviewed by EIP and that applicable security controls are properly incorporated.
+ Perform risk assessments, follow and enhance the security solutions lifecycle (evaluation, purchase, build, technical policy configuration, integration into Cloud environments, and run).
+ Contribute to Cloud security solutions R&D to evaluate the latest cutting edge tools against unfilled strategic security capabilities to drive business priorities
+ Act as a subject matter expert on the implementation and capabilities of existing security controls.
+ Provides direction and thought leadership to enterprise-wide initiatives applying security principles such as access control, encryption, and host security as well as state of the art and emerging technologies such as cloud computing, mobile computing, and next generation architecture.
+ Identifies the need for new security technology solutions; designs, reviews and collaborates on the deployment of new solutions.
Cloud Security Architecture
+ Develops security architecture strategies that align to enterprise architecture strategy and the company's business strategy for Cloud
+ Develops in depth security architecture standards, frameworks and design patterns spanning all layers of security in the Cloud from host, server, mobile, and network to application and data security.
+ Architects, designs, prioritizes, coordinates, and communicates the security technologies necessary to ensure a highly secure yet usable computing environment in the Cloud.
+ Provides security guidance across the system development life cycle, including security architectural reviews.
+ Contributes to the development and implementation of security technology solutions for complicated and more complex environments and architecture.
+ Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommends technologies and solutions to mitigate them.
+ Stays current with leading and emerging security technologies and makes recommendations for use based on business value.
+ Works closely with other technology architects to ensure security is properly represented in their technology domains and to ensure consistency and compatibility among EIP strategies and standards.
+ Actively communicates with stakeholders to drive awareness and understanding of security architecture roadmaps and directions.
Research and Development
+ Stays continually informed about the latest developments in the security field, including mitigation strategies, threats, tools, attack vectors, and cutting edge preventative measures.
+ Participates in new products or technology solutions supported by appropriate ROI, total cost of ownership, and/or cost benefit analyses.
+ Performs technical proof of concepts.
+ Extensive knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
+ Extensive knowledge and experience with developing Cloud Security Frameworks using industry best practices such as those from the Cloud Security Alliance (CSA) and NIST CSF and regulatory requirements such as HIPAA, HITrust and PCI or closely related.
+ Experience with implementing security tools and architecture in Cloud environments such as(not all are required):
+ Access Controls
+ Data Loss Prevention (DLP)
+ Web Application Firewalls (WAF)
+ Secure SDLC and Software Security
+ Nextgen Firewalls
+ Anti-malware and anomaly detection controls
+ Data encryption in transit and at rest
+ Network security
+ Experience with a formal requirements definition and RFI/RFP process
+ Bachelor's degree in an IT-related field required; post-graduate degree is a bonus, but not required
+ Knowledge of the Mitre ATT&CK framework and NIST Cyber Security FrameworkFamiliarity with common security controls in the enterprise (Firewall, Proxy, AV, SIEM, etc.)Experience with incident response procedures
+ Extensive knowledge and understanding of security issues, techniques, and implications across multiple computer platforms.
+ Demonstrated experience leading and developing others by providing technical guidance and leadership to project teams.
+ Solid knowledge and understanding of security regulations and best practices such as PCI, SOX, HIPAA, or the ISO 27000 family of standards.
+ Solid knowledge and understanding of systems development life cycle (SDLC).
+ Demonstrated experience translating business requirements into architectural deliverables and technical specifications.
+ Demonstrated experience communicating technical information to business clients and less experienced technologists.
+ CISSP, CISM or equivalent
+ Experience with CI/CD pipelines
+ Cloud Architecture and/or Cloud Security Certifications (AWS, Azure, GCP)
+ Cloud Security Alliance (CCSP, CCSK) (ISC)2
Scheduled Weekly Hours
Mission: At Humana, our cultural foundation is aligned to helping members achieve their best health by delivering personalized, simplified, whole-person healthcare experiences. Recognizing healthcare needs continue to evolve for each person, for each family and for each community, Humana continuously creates innovative solutions and resources that help people live their healthiest lives on their terms –when and where they need it. Our employees are at the heart of making this happen and that’s why we are dedicated to building an organization of dynamic talent whose experience and passion center on putting the customer first.
Equal Opportunity Employer
It is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact firstname.lastname@example.org for assistance.
Humana Safety and Security
Humana will never ask, nor require a candidate provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or affiliate, please contact email@example.com to validate the request.