Information Security Senior Advisor – Google Cloud Platform ( GCP )
Location: This position will work a hybrid model (remote and in office one to two days per week). Ideal candidates will live within 50 miles of one of our Pulse Point locations in Chicago, IL, Indianapolis, IN, Richmond, VA, Norfolk, VA, Mason, OH or Atlanta, GA
The Information Security Senior Advisor – Google Cloud Platform ( GCP ) develops, recommends, and implements enterprise information security policies, technical standards, guidelines, procedures, and other elements of an infrastructure necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls. This technical role develops and drives Cloud Security Architecture models and strategies, with a focus on organizing and rationalizing Elevance Health systems and information assets to ensure business and IT alignment with Security requirements standards. This position will support the effort to secure Elevance Health's resources for Google Cloud Platform (GCP) by programmatically enhancing integration with ticketing and asset management systems for accurate and efficient monitoring.
How you will make an impact:
• Provides security-focused solution architecture guidance to business and IT partners and participates in broader enterprise architecture governance activities.
• Creates ServiceNow dashboards and configures API integrations with cross-team ServiceNow frameworks (APM, ESG) to ensure visibility into the GCP environment and process flows.
• Defines and drives security controls matrix design and implementation, and monitors compliance to enterprise-level security standards.
• Develops innovative technology approaches to solve security and business problems.
• Collaborates with IT and ensures that the construction of architecture components (domain architecture, solution architecture, and technical architecture) aligns with architecture strategies.
• Participates in the Cloud Governance processes and community of practice.
• Recommends changes and updates to cloud security governance strategy based on NIST, regulatory and evolving threats drivers.
• Works with business units to translate business strategy into discrete capabilities and helps to identify security capability gaps in systems.
• Provides strategic and tactical security control recommendations, operational security blueprints and roadmaps, reference architectures for security patterns, and general security technology/application assessments.
• Proposes opportunities to improve security outcomes and reduce risks based on targeted or continuous assessments.
• Designs, analyzes, and implements testing plans to ensure security guardrails cannot be compromised.
• Creates ticketing automation processes and streamlined mapping of efficient, centralized Security ticketing system flows.
• Leads system and network architecture support for information and network security technologies.
• Leads development and execution of risk assessment methodologies to fit business, regulatory, and technical environment considerations; leads the development of requirements, system architecture, and software design of security products and services.
• Leads the development of strategies for discovery, evaluation, and response to new networking attacks.
• Develops security incident response plans and strategies.
• Provides trouble resolution and serves as point of technical escalation on complex problems.
• Creates presentations and seeks IT management approval and acceptance of significant replacements or reconfigurations of major security systems serving the Enterprise.
• Sets vendor strategy and direction.
• Designs and engineers comprehensive access management and network security technical solutions based on business requirements and defined technology standards.
• Develops reports supporting strategy and direction for management.
Minimum Requirements:
• Requires BS/BA in information Technology or related field of study and a minimum of 8 years of experience in systems administration and security aspects of information systems, access management and network security technologies, network communications, computer networking, telecommunications, systems development and management, hardware, software, data, and people; experience with multiple technical and business disciplines required; requires broad-based experience to plan and design highly complex systems; or any combination of education and experience, which would provide an equivalent background.
Preferred Skills, Capabilities and Experiences:
• Experience with ServiceNow frameworks strongly preferred.
• Proficient with ServiceNow ticketing automation processes and streamlined mapping of efficient, centralized Security ticketing system flows strongly preferred.
• Experience in creating ServiceNow dashboards and configuring API integrations with cross-team ServiceNow frameworks strongly preferred.
• Experience in designing and driving security controls matrix that complies with Enterprise-level security standards strongly preferred.
• Experience in designing, analyzing, and implementing testing plans to ensure security guardrails cannot be compromised strongly preferred.
• Experience with automated security validation and event-driven automation strongly preferred.
• Clear understanding of overall systems architecture and how to leverage specific components strongly preferred.
• 5+ years of experience in Information Security-focused efforts, with demonstrated ability to distill complex security problems and drive toward creative solutions while complying with Enterprise policies strongly preferred.
• 3+ years of experience in defining solution architecture, design detailing and technology delivery with a focus on Google Cloud Platform (GCP) services, such as: compute, containers, integration, internet of things, storage, web, and DevOps strongly preferred.
• Experience in analyzing both detailed design components and high-level architectural blueprints, ensuring compliance with Enterprise policy and guidelines preferred.
• Understanding of Cloud infrastructure environments and the challenges associated with Enterprise integration, with demonstrated ability to grasp and contribute to big-picture strategy preferred.
• Understanding of legal/regulatory requirements such as PCI-DSS, HIPAA, NIST, FISMA, etc. preferred.
• Security Certifications: CISSP, CCSP and other advanced technical security certifications (Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation or equivalent certifications) preferred.
• GCP Solution Architect certified preferred.
• Training on Google Cloud Platform (GCP), Cloud Security Alliance (CSA) Controls Matrix, and CIS benchmarks preferred
