Chief Cloud Security Architect

 
 
 
 
 
As Chief Cloud Security Architect you will be accountable for defining and leading multiple programs in support of the company’s cloud security strategy. In this role, you will be responsible for providing active and engaged leadership with business and IT teams relative to security design and review processes, as well security consulting expertise in support of strategic company initiatives. You will have direct influence and impact on how we secure our cloud environments.
 
 
 
 

Work in active partnership with stakeholders to understand business requirements and develop supporting security principles and objectives that will enable the growth and evolution of UnitedHealth Group (and communicating those requirements to security and risk management stakeholders throughout the enterprise)
Develop technical roadmap for hybrid cloud security
Drive secure rapid development and migration to the cloud
Provide leadership to team members and consulting to business leaders in addressing their information risk posture
Support leaders, technical experts and operations partners in infrastructure and application organizations in considering holistic and integrated approaches that provide for data integrity, information confidentiality and service availability
Forecast non-functional and functional requirements and align expertise and team capacity to meet the current and planned needs of the business
Review of technical risk for initiatives and business architectures (and recommend controls where appropriate)
Charter and lead a security architectural review board that engages leaders and subject matter experts cross-functionally from applications and infrastructure
Drive adoption of industry and enterprise best practices around information security
Support the Information Risk Governance, Policy and Program Governance, and Incident Response areas
Ensure that risk analysis methods are embedded across architectural programs as new technologies and solutions are being implemented across the organization
Recommend changes (as appropriate) to security policies, control standards and operational practices

 
 
 
 
 

Experience in architecture, engineering, deployment and operational management of a robust information security environment to include practical working knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Global Security Operation Center, Network and Application Security and Data Protection
5 + years of experience leading programs as the Chief / Lead Security Architect for a Fortune 500 organization or a Cloud Service Provider
5 + years proven experience around cloud related platforms
Demonstrated knowledge of either AWS and/or Azure environments

Experience with cloud-centric authentication and authorization ( e.g. OAUTH, SAML) and their federation with traditional data center authentication and authorization

Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common protocols (RADIUS, LDAP, KERBEROS, etc.)

Practical development experience creating, securing and using REST APIs in one of more of the following: Python, Java, JavaScript, Ruby, PowerShell, C/C++

Proven success mentoring and educating teams on secure development lifecycles through large scale presentations, direct mentoring, code walkthroughs and other mediums  

Experience dealing with remediation and resolution of infield vulnerabilities in open source, 3rd party source, and internal software

Knowledge of common web application and mobile frameworks  

Hands-on expertise with the following parts of the application stack: Proxy, End Point Protection, Web Application Firewall, Intrusion Prevention, Vulnerability Scanning, Data Loss Prevention, and Malware Analysis
 
 
 
 
Preferred experiences:
 
 
 

Demonstrated expertise in industry best practices and security reference models such as SABSA, Jericho and/or CSA
Experience with NIST 800-53, Cloud controls and Cloud Reference Architectures like CSA-TSI
Strong leadership skills and experience managing individuals and project/program activities delivered in different geographies and cultures (this includes direct accountability for identification of talent and management of individuals from both business backgrounds and technology disciplines)

Demonstrated experience engaging across business units in order to ensure security compliance while driving a technical strategy forward over multiple product iterations
Ability to communicate threat and risk profiles to executive leaders and individual contributors
Familiarity with ITIL and CoBIT
Certifications such as: CISSP, CISSP-ISSAP, SABSA, ITIL, CISA, CISM, GCIH, or GCFA
Proven experience leading and implementing risk management programs with regards to legislation, regulation and guidance at the State and Federal level, including SOX, HIPAA, GLB, PCI and/or CFR Part 11
Experience with healthcare services and technical requirements of a health benefits company

Demonstrated skill in securing micro services and service oriented architectures that span multiple products or solutions

Experience with Mesos and/or VMWare

Previous experience running penetration testing and remediation of results
 
 
 
 
Technology Careers with Optum. Information and technology have amazing power to transform the health care industry and improve people's lives. This is where it's happening. This is where you'll help solve the problems that have never been solved. We're freeing information so it can be used safely and securely wherever it's needed. We're creating the very best ideas that can most easily be put into action to help our clients improve the quality of care and lower costs for millions. This is where the best and the brightest work together to make positive change a reality. This is the place to do your life's best work.SM
 
 
Diversity creates a healthier atmosphere: UnitedHealth Group is an Equal Employment Opportunity/Affirmative Action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.