Cloud Information Security Executive Advisor

Description SHIFT: Day JobSCHEDULE: Full-timeYour Talent. Our Vision. At Anthem, Inc., it's a powerful combination, and the foundation upon which we're creating greater access to care for our members, greater value for our customers, and greater health for our communities. Join us and together we will drive the future of health care. This is an exceptional opportunity to do innovative work that means more to you and those we serve at one of America's leading health benefits companies and a Fortune Top 50 Company. Position location Atlanta, GA or remote near any Anthem office Develops strategic and tactical plans for a comprehensive enterprise-wide information security program. Preferred location Atlanta, GA but can be located near any Anthem office. Leads the development of policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls. Responsible for the selection and delivery of strategic network security, access control and secure transaction/messaging solutions. Primary duties may include, but are not limited to:

• Establishes architecture oversight and planning for information and network security technologies; leads development of an information security risk management program that includes business, regulatory, industry practices and technical environment considerations; establishes strategic vendor relationships for security products and services; develops enterprise-wide security incident response plans and strategies that includes integration with business, compliance, privacy, and legal constituents and requirements; provides advanced level engineering design functions; provides trouble resolution and serves as point of technical escalation on complex problems.
• Creates presentations and seeks IT and business management approval and acceptance of significant replacements or reconfigurations of major security technologies serving the Enterprise.
• Provides technical guidance and leadership to the technical engineers within the organization.
• Participates in the design of the enterprise architecture.
• Proposes opportunities to improve results based on targeted or continuous assessment .
• Researches relevant trends and activities in healthcare, business, competition and regulatory environments; recommends strategy adjustments.
• Participates in enterprise planning activity, including vendor assessment, technology platform selection & retirement, prioritization and integration.
• Capable of serving as technical merger & acquisition lead.
• Routinely acts as a subject matter expert for executive management regarding data protection and AppSec .
• Must be capable of providing top-tier support for 6 or more of the information security technology common body of knowledge skill sets: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Telecommunications and Network Security.

• Requires BS/BA in related field;
• 10+ years experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management; requires broad-based experience to plan and design highly complex systems; or any combination of education and experience, which would provide an equivalent background.
• Expert knowledge and understanding of industry-accepted data processing controls and concepts as applied to access management and network security technologies, hardware, software, data, network communications, and people.
• Strong background around data protection and AppSec
• Experience with configuration management tools (Salt, Puppet, Chef, or Ansibl)
• Advanced experience with public Cloud platforms (AWS, Azure);

• Good understanding of SOC, Cloud operations, security, automation, and orchestration
• Application Security experience including authentication, authorization, encryption, logging, and application security testing
• Experience understanding protocols, such as, SSL/TLS, CIFS, HTTP/S, DHCP, SMTP, LDAP/S, NFS, SNMP and DNS
• Experience in networking concepts and services, such as, VPNs, IPsec, PKI and TCP/IP; familiar with high-availability (HA) and failover implementations for network infrastructure and server systems
• Experience deploying and maintaining systems and applications within a secure, regulated environment; knowledge to design and implement security tests in accordance with stated criteria
• DevOps and scripting skills in at least one language, ideally Python
• Possess clear understanding of security protocols and standards and have experience with software and security architectures; experience working with Cloud security and governance tools and server virtualization technologies
• Security Certifications: CISSP preferred and other advanced technical security certifications (e.g. Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation or equivalent certifications).