Information Protection Security Specialist
- Works with the application delivery team to ensure security best practices are incorporated into both the model of delivery (process/tools) and the developed assets
- Proactively identifies potential security impacts to existing/planned applications and supporting platforms (middleware, database, network assets) and implements remediation.
- Works with extended security/application stakeholders to influence, coordinate and support the following activities:
- Planning and implementation of corporate security initiatives
- Enhance existing tools/process/patterns for improved security posture on ASG applications
- Support the prioritization and discovery of new applications
- Review and security impact assessment from new tools/libraries
- Supports triage and resolution for security incidents
- Ongoing application risk evaluations for existing/pending applications
- Creation and support of design documentation around physical/logical security for applications
- Support for vendor security reviews, including coordination with the vendor on documentation/discovery, and remediation
- Implementation of relevant monitoring/support patterns and tools to implement ongoing evaluation of application security posture
- Works with testing stakeholders (functional, performance, integration) to ensure test cases and a test strategy that support vulnerability testing
- Works with delivery team to ensure periodic, proactive validation of software/capability releases to ensure security readiness
- Coordination with product requirements leads to ensure planned capabilities account for functional/non-functional security needs
- Familiar with application development processes, tools and conventions. Prior experience in software development preferred
- Can work with complex, modern distributed application and system architectures
- Ability to understand mid-level application/infrastructure diagrams and associated business process flows and descriptions
- Working knowledge of HIPAA, PCI and common security frameworks and standards (ex: OWASP)
- Understands hosting and development facility security concerns and requirements, and is able to review them from paper-based questionnaires and surveys.
- High level understanding of basic network and network security fundamentals.
- Proficient in security analysis and common industry controls and mitigation tactics.
- Health Insurance or Health Care Industry experience desired
- Ability to grasp and understand complicated relationships
- Proven Communication skills, with the ability to write and verbally communicate effectively
- 3 to 5 years active and proven Information Protection Security experience in various capacities covering software development
- 5 to 8 years active/proven Information Protection Security with leadership experience in various capacities
- Hands-on experience with multiple technologies, including operating systems, networks, databases, identity management tools, web security practices, etc.
- 5+ years of Information security audit experience
- Working experience with industry best practices related to Information Protection Risk Assessments for outsourced business processes
- Experience with various compliance standards (ex: HIPAA, GLBA, Sarbanes-Oxley (SOX), ISO security standards)
- BS degree or proven equivalent industry experience
- Excellent written and verbal communication skills
- Ability to work effectively with other teams and maintain positive relationships
- Experience with black-box/white-box vulnerability assessments on modern web/mobile applications
- BS degree or equivalent experience
- CISSP, CISA, CISM, CRISC or similar certifications