Information Protection Senior Advisor - HIH - Evernorth

Information Protection Senior Advisor - HIH - Evernorth (Cyber Security Architect)

Position Summary:

This role is for a highly motivated Security Architect, with a background in cloud and DevOps security. The Security Architect (PSA) works closely with architecture, development, product, and other teams across the enterprise to design and integrate security into the solution lifecycle from design through deployment.  This person will be responsible for defining security requirements, performing security design assessments, and providing teams with remediation and mitigation guidance and advice. Security Architects engage on strategic initiatives, programs, and projects throughout the enterprise including cloud, AI/ML, etc., as well as provide on-going guidance on security best practices.

Experience Required:

• 13-16 years’ experience in information technology

  • Min 8+ years’ experience in an information security architecture

  • Min 5+ years application development and/or administrating and managing cloud solutions

• Practical experience in the application of security controls in security engineering, design, or developing reference architectures: NIST 800-53r(4/5), ISO 27001 Annex A / ISO 27002, Cloud Security Alliance – Cloud Controls Matrix (CCM v4), Center for Internet Security – Critical Security Controls (v7/8)

• Solid understanding of services and capabilities delivered by mainstream cloud service providers.

Job Description & Responsibilities:

• Translate business priorities into information security requirements to ensure protections regarding the confidentiality, integrity, availability, and privacy of the enterprise’s technologies and its data.

• Monitor current and future security trends, changes in the business and business environment, as well as the evolving regulatory landscape and incorporate emerging trends into architecture engagements and strategic planning.

• Produce written technical reports and documentation; develop presentations on security approaches and solutions.

• Work directly with program and project teams to ensure that all relevant security risks are identified, evaluated, and appropriate security solutions are implemented to help manage risks to the enterprise.

• Provide strategic and technical security guidance for cloud programs and projects deploying in cloud environments.

• Responsible for the identification and documentation of architectural gaps and inefficiencies in existing solutions; support remediation and mitigation efforts through appropriate planning and roadmap development.

• Solid understanding of services and capabilities delivered by mainstream cloud service providers.

• Solid understanding of DevOps processes and associated security requirements and capabilities.

• Contribute to the Security Architecture guidance library including the development of reference architecture, security standards, security baselines, and other reference material.

• Strong work ethic and sense of urgency

• Ability to influence technical discussions and decisions.

  • Ability to interact with a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements.

• Other job duties as assigned.

Experience Desired:

• Certification GIAC Defensible Security Architecture (GDSA) or other security architecture certification (ex. SABSA).

• Familiarity with Security life cycle, design review across concept, development through deployment

• Experience with threat modeling (all OSI layers), security analysis

Education and Training Required:

• BE degree in MIS/Computer Science or related degree required.

• Professional Certification such as (any one):

  • Certified Information Systems Security Professional (CISSP)

  • SANS GIAC Certification(s)

  • AWS/Azure Cloud Engineering Certifications

Primary Skills:

• Written Communication

  • Produce written technical documentation and reports that will be consumed by partners in the U.S. and throughout the global enterprise.

• Verbal Communication

  • Ability to communicate with and influence a broad cross-section of personnel throughout the global enterprise to explain and compel adoption of security requirements.

• Time Management

• Relationship Management

• Self-Starter

About Evernorth Health Services

Evernorth Health Services, a division of The Cigna Group, creates pharmacy, care and benefit solutions to improve health and increase vitality. We relentlessly innovate to make the prediction, prevention and treatment of illness and disease more accessible to millions of people. Join us in driving growth and improving lives.