Anthem, Inc. Info Security Sr Advisor in Atlanta, Georgia
SHIFT: Day Job
Location: Atlanta, GA on-site.
Your innovation. Our impact. At Anthem, Inc., it’s a powerful combination, and the foundation upon which we’re creating greater access to care for our members, greater health for our communities, and greater experiences for our customers. Innovation is a top priority. Here, you’ll have an opportunity to work in a collaborative environment that brings together industry leaders and technology experts, so together we can drive the future of health care.
As a Cloud Security Advisor you will combine your strong cloud background OR diverse experience within cloud platform and application security to provide cloud systems security solutions expertise in an advisory capacity. Familiarity with NetSkope platform and its CASB capabilities are a plus.
Help establish, validate and monitor Cloud Security Controls, deliver security guidance and consults, and share input considerations that can evolve security compliance, adherence to technical requirements methodology, program capabilities and focused maturity for the following areas:
Visibility Cloud services are provisioned within enterprises with proper administration, management, validation and oversight
Security baselines and guidance are integrated into business awareness and requirements
Compliance models for hybrid multi-tenant and multi-cloud provider environments;
Data protected at rest and in transit as a standard
Support consistent Cloud IAM strategy, implementation and remediation oversight
Incident Response Rapid identification of incidents and recovering from Cloud breaches
Serve as a key contact for setting strategy including Cloud security vendors and Vendor Management Cloud requires a shared responsibility model
Accountable for measuring adherence, risks and growing effective partnerships with peer teams and stakeholders to drive secure design, implementation and orchestration of complex, multi-product security solutions for enterprise cloud systems.
Participate in architecture and security control reviews, and cloud committees as part of the program lifecycle. Document and communicate where automatic provisioning of native cloud services, business application systems and adherence monitoring are and are not governed and controlled by security automation, standards, roles and policies
Primary duties may include, but are not limited to:
Help accelerate shift to Cybersecurity ‘Prevention and Detection’ in the support of architecture designs and planning for information and network security technologies
Provides technical guidance and support to business and technology associates in risk assessments and implementation of appropriate information security procedures, standards and technologies
Maintains security mitigation and remediation plans; represents major upgrades and business system replacements in change control
Oversees Enterprise mix of vendor services
Recommends changes and updates to cloud security protections and governance strategy based on NIST, regulatory and evolving threats drivers
Designs & engineer prescriptive templates, repeatable technical solutions based on business requirements and defined technology standards; develops support procedures and performance metrics reports
Creates presentations and socialize with IT and business management for approval or acceptance of significant replacements or changes in major security technologies serving the Enterprise
Provides technical security guidance and leadership to technologists within the organization
Proposes opportunities to improve security outcomes and reduce risks based on targeted or continuous assessments
Routinely acts as a subject matter expert among peers, managers and senior management.
Develop reports supporting adherence to prescribed standards, security absolutes and risk-based measures for Cloud Security Governance.
Requires BS/BA in related field; or any combination of education and experience, which would provide an equivalent background
8+ years experience in systems administration and security aspects of enterprise information systems, networking, telecommunications, systems development and management lifecycle; significant experience with multiple technical and business disciplines required; requires broad-based experience to plan and design highly complex systems; or any combination of education and experience, which would provide an equivalent background
Demonstrated experience or substantial knowledge in supporting competencies in cloud security standards and controls
Requires either: Demonstrate high degree of technical security tooling in commercial cloud environments OR Diverse experience within Platform security and applications experience to enable native cloud solutions
Technical expertise to understand multiple cloud platforms (AWS, GCP, Azure)
Technical and conceptual knowledge of configurations in cloud platforms and expertise of AWS security stack e.g. Cloud trail, Cloud watch, Guard Duty, Advanced Shield, IAM policies
Preferred experience, knowledge or certifications:
Minimum 2 years of experience supporting any cloud environment with multifactor authentication, CASB and Container Security technologies
Strong working knowledge and technical support experience in application development lifecycle, DevOps CI, DevOps CD or DevOps/CICD
Experience and working knowledge of application security testing, specifically SCA, SAST, DAST and Manual Penetration Testing
Technical security training and experience in any of the following cloud provider services – AWS, MS AZURE, GOOGLE CLOUD
Security Certifications: CISSP preferred, CCSP and other advanced technical security certifications (e.g. Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation or equivalent certifications); any level of training on Amazon Web Services (AWS), Cloud Security Alliance (CSA) Controls Matrix and CIS benchmarks
Demonstrate knowledge of security best practices, policies and standards to design highly secure public and private cloud architectures that support application services in-scope of HIPAA, PII and PCI regulations
Consultative presentations and guidance engagements with technology teams, business application owners and technology partners
Agile or SAFe Agile team experience for complex deliverables in matrixed environments
Anthem, Inc. is ranked as one of America’s Most Admired Companies among health insurers by Fortune magazine, and is a 2018 DiversityInc magazine Top 50 Company for Diversity. To learn more about our company please visit us at antheminc.com/careers.