Expert Cyber Risk Management Engineer

The Expert Cyber Risk Management Engineer will plan, develop, and implement enterprise information security solutions and services, such as authentication and authorization, public key infrastructure, data loss prevention, third party risk management, and security event information analytics, to address the current and emerging security needs of the business. This role requires the proactive identification and solution of some of the most complex enterprise-scale information security problems. In addition to researching, designing, and developing architectures, processes, and solutions, the Expert Cyber Risk Management Engineer will contribute to the development and maintenance of information security strategy, the security service portfolio, and security enterprise architecture.

• Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats. Research and track threat actor groups, study advances in adversary tactics, techniques, and practices, and report regularly on current state of the threat landscape.
• Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Develop processes, populate decision frameworks, develop documentation templates, and implement tooling to enable and mature security service delivery.
• Serves as a security expert in business process design, application development, database design, network, and/or platform and operating system efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Engage with security specialists, enterprise architects and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements.
• Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contribute to the development and maintenance of information security strategy and architecture.
• Assesses the effectiveness of cybersecurity capabilities, both internal to the organization and at third parties, provide guidance on effectively managing the risk of ineffective capabilities, and influence decision making by educating business stakeholders on the risk.
• Works with Enterprise Architects and other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently and support business objectives. Serve as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
• Communicates and interacts effectively and professionally with co-workers, management, internal and external customers and partners. Communicate cybersecurity risks and solutions to various technical and non-technical audiences and levels of management. Maintain communication with management regarding development within areas of assigned responsibilities and perform special projects as required or requested. Continuously track and report the status of all development efforts through boardroom-quality visual communication deliverables.
• Develops strong working relationships and offers continuous assistance and thought leadership to other leaders in the information technology organization. Exercise thought leadership in the creation and maintenance of security architectures and security enabled processes.
• Establishes and maintains relationships with suppliers and business partners in the information security industry. As needed, draft and negotiate professional services contracts, statements of work, and technology acquisition & support agreements.
• Educates, coaches, and mentors all members of the team on technical, interpersonal, team dynamics, company policy & procedure, enterprise business model and other topics.

• 8+ years of hands-on experience in IT and security architecture development and implementation, with broad exposure to infrastructure, network, and multi-platform environments; Bachelor's degree in Cyber Security, Computer Science, Information Systems, or equivalent IT work experience required (5+ years with a relevant Master's degree is also acceptable).
• 2+ years of experience in information security solution engineering or security service delivery. 
• 2+ years of leadership experience with planning and managing security implementations and/or leading a team of technical resources. 
• This role will require the management of several (2 to 4) concurrent large-scale enterprise wide information technology capability development projects.
• A strong, complete, and working understanding of architecture-level information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, active adversary deception, and others.
• Expert knowledge of security principles, issues, techniques and implications across all existing computer platforms.
• A strong working understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors).
• Strong understanding of systems development lifecycle to lead multifunctional projects or initiatives.
• Deep understanding of cyber threat identification and response, including cyber threat intelligence, intrusion detection technologies, security analytics, security event triage, cyber threat hunting, and security incident response.
• Comprehensive knowledge of the application of security requirements frameworks, such as NIST, and their application in the evaluation of internal and third party security control effectiveness, along with an understanding of audit and attestation methodologies and techniques.
• Knowledge of laws, regulations, and standards relevant to the US Healthcare industry.
• Excellent written and verbal communication skills (including technical writing, documentation development, process mapping, and visualization). Must be able to effectively communicate technical concepts to a non-technical audience.
• Externally recognized information security industry thought leadership and innovation accomplishments desired
• Able to understand fairly complex written and oral instructions.
• Ability to clearly present complex/technical subjects and findings to non-technical staff and management.
• Exceptional technical writing skills including documentation development, process mapping, and visualization.
• Ability to communicate technical concepts and ‘think on the fly’Ability to create and deliver impactful presentations.
• Ability to interact well with co-workers and outside contacts.

 

Preferred licenses:

• Certified Information Systems Security Professional (CISSP)
• Global Information Assurance Certification (GIAC)
• Certified Information Systems Auditor (CISA)
   

Base Pay Information

The national base pay range at the end is a good-faith estimate of what Delta Dental may pay for new hires. Actual pay may vary based on Delta Dental’s assessment of the candidate’s knowledge, skills, abilities (KSAs), related experience, education, certifications and ability to meet required minimum job qualifications. Other factors impacting pay include prevailing wages in the work location and internal equity. 
Pay Grade 25. $140,700 - $305,000

Behind the smile! We are dedicated to safeguarding the health and financial stability of our employees and their loved ones. This commitment extends beyond the workplace to foster personal growth and holistic wellbeing. Our life-changing rewards package includes:

• Competitive base and incentive pay 
• 401(k) with robust matching and non-matching contributions
• Rich medical & pharmacy benefits
• 100% employer-paid dental and vision benefits
• Holistic wellbeing program with deep financial incentives
• Generous paid time off plus 12 paid holidays and your birthday off
• Culture of growth and learning: career development; tuition reimbursement; recognition program
• Family support: adoption assistance, fertility treatment, child, elder & pet care assistance
• Social responsibility and volunteer opportunities
• Employee discount program

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
Please note, Delta Dental will not sponsor applicants for work visas for this position.
#LI-Remote