Enterprise Security Architect- Emerging Technologies Job in Plymouth, Minnesota US
In this role, you will be responsible for supporting and providing active engagement with business and IT teams relative to security design and review processes, as well security consulting expertise in support of strategic company initiatives. Will collaborate with UnitedHealth Group infrastructure services, application services and business partners to develop, document, implement, and monitor integrated, holistic and consistent security architecture.
This position supports the success of the company's business security, infrastructure security, application security, information security advisory and consulting services and contributes to the company's security architecture roadmap, business strategy and software development lifecycle. Deliverables include clear communication of strategy, project management materials, and on-going assessment for initiatives across the enterprise.
- Support leaders, technical experts and operations partners in infrastructure and application organizations in considering holistic and integrated approaches that provide for data integrity, information confidentiality and service availability
- Responsible for forecasting non-functional and functional requirements and aligning expertise and team capacity to meet the current and planned needs of the business
- Support IRM engagement with SDLC and governance processes (e.g. RSA, UDP, Checkpoint) - review of technical risk for initiatives and business architectures - recommend controls where indicated
- Provide input to the security architectural review board that engages leaders and subject matter experts cross-functionally from applications and infrastructure teams in UHG-IT and business segments, aligning Board activities with risk management objectives
- Facilitating adoption of industry and enterprise best practices around information security, partnering with the Enterprise Architecture teams
- Coordinate controls that can reasonably accommodate existing control gaps while also facilitating new directions in enterprise application design
- Facilitate key architectural initiatives, including research and development, early in the project lifecycle
- Work closely and support the Information Risk Governance, Policy and Program Governance, and Incident Response areas and their initiatives
- Expertise in risk analysis methods applied to legacy technogolies as well as emerging and disruptive technologies
- Supporting enterprise strategy and architecture for information security services, mechanisms and safeguards
- Partner with Enterprise Architecture, Compliance Officers, Segment Information Security Officers, Privacy Officers, and Auditors to ensure that the Information Security Principles are embedded into new initiatives, as the business defines strategy
- Work in active partnership with stakeholders to understand business requirements and develop supporting security principles and objectives that will enable the growth and evolution of UnitedHealth Group (and communicating those requirements to security and risk management stakeholders throughout the enterprise)
- Identifying, researching, and developing evolutionary and revolutionary security strategies, evangelizing across the enterprise
- Contributing to consistent security patterns and frameworks to evolve the company's security architecture and a clear, comprehensive security framework (and promoting those requirements through partnership with enterprise architecture and IT governance functions)
- Supporting the on-going assessment and measurement of information risk objectively and consistently
- Providing consulting to business and technology leaders and team members in addressing their information risk posture
- Promoting a consistent risk vocabulary for information risk and controls and aligning that vocabulary with related compliance and business risk disciplines within the organization
- Engage with leaders responsible for Infrastructure Services, Application Services, Information Risk Governance Compliance, Remediation and Release Management to justify and communicate initiatives and risk management outcomes and to ensure integrity of approach
- Formally and informally responding to customer and regulatory requests with regard to information security services, mechanisms and safeguards (this includes regular communications with regulatory, privacy and legal stakeholders and active participation in both internal and external audit activities)
- Recommending changes, when appropriate, to security policies and control standards and operational practices.
Success Factors:
- Full commitment to customer satisfaction and the highest ethical standards
- A collaborative approach, evidenced by proven ability to influence individuals towards shared decisions
- Collaboration, adaptability and flexibility in approach to reflect different audience requirements Proven ability to communicate threat and risk profiles to executive leaders and individual contributors and facilitate progress towards required improvements
- Demonstrated ability to provide security consulting and advisory services to individuals, leaders, project teams, vendors and suppliers
Required Qualifications:
- Minimum of five years experience in successfully partnering with Enterprise Architecture, Infrastructure Services, Engineering, and Business Leaders in rapidly changing organizations
- Minimum of five years experience in architecture, engineering, deployment and operational management of a robust information security environment
- Experience supporting complex information security projects and programs for a Fortune 500 or larger organization
- Experience supporting information security incident response activities such as; detection, analysis, containment, response and prevention procedures
Preferred Qualifications:
- Undergraduate degree or equivalent experience
- Practical working knowledge of Cloud Security Operations (SaaS, PaaS, IaaS), Mobile Architecture, Global Security Operation Center, Network and Application Security, and/or Data Protection
- Healthcare services industry experience, preferably with clinical service providers
- Experience in industry best practices and security reference models such as SABSA and Jericho
- Knowledge of application security architecture
- Familiarity with IT Governance standards including ITIL and CoBIT
- Industry-specific certifications, including one or more of the following: CISSP, CISSP-ISSAP, ITIL, CISA, CISM, GCIH or GCFA
UnitedHealth Group is working to create the health care system of tomorrow.
Already Fortune 25, we are totally focused on innovation and change. We work a little harder. We aim a little higher. We expect more from ourselves and each other. And at the end of the day, we're doing a lot of good.
Through our family of businesses and a lot of inspired individuals, we're building a high-performance health care system that works better for more people in more ways than ever. Now we're looking to reinforce our team with people who are decisive, brilliant - and built for speed.
Come to UnitedHealth Group, and share your ideas and your passion for doing more. We have roles that will fit your skills and knowledge. We have diverse opportunities that will fit your dreams.
Diversity creates a healthier atmosphere: equal opportunity employer M/F/D/V
UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment. In addition, employees in certain positions are subject to random drug testing.