What are the responsibilities and job description for the Chief Security Strategist position at Conviva?
Job Overview
The Chief Security Strategist will play a pivotal role in shaping the organization's security architecture, ensuring seamless integration of security design review and other controls into the Software Development Life Cycle (SDLC). This position demands an exceptional individual capable of collaborating with engineering teams to implement complex security capabilities, guiding them through Technology Review Board and Architecture Review Board processes, and participating in technology evaluations.
Responsibilities
- Identify and document security requirements for enterprise solutions, local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), cloud networks, routers, firewalls, and related security and network devices.
- Assess applications and their development for adherence to enterprise security standards.
- Develop and implement comprehensive security testing strategies for a portfolio of enterprise applications, incorporating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Online Static Analysis Tools (OSAT), and Interactive Application Security Testing (IAST).
- Coordinate the implementation of policies, standards, and daily operations of the Identity and Access Management Program, facilitating clear communication and evangelization of the value associated with adhering to the security strategy and corresponding standards.
- Evaluate compliance with security regulations and frameworks such as HIPAA, PCI, NIST Cybersecurity Framework (CSF), and HITRUST, and guide stakeholders on meeting these standards.
Requirements
- Bachelor's degree in Engineering/Computer Science or related relevant experience.
- 7 years of technical cybersecurity architecture experience architecting cloud solutions in Azure, GCP, or AWS.
- 7 years of combined experience with Application Security, Zero Trust Network Architecture, Infrastructure Security, Endpoint Detection and Response, and Identity and Access Management solutions.
- 5 years of experience working with security regulations and frameworks like HIPAA, PCI, NIST CSF, HITRUST.
- 4 years of management experience.
- Proven ability to influence stakeholders and partner within and across teams to gain consensus and drive change.
- Exceptional communication skills for creating and sharing presentations to multiple levels of audiences, including senior executives, architects, developers, and other stakeholders.
Preferred Qualifications
- Negotiation and mediation skills.
- Healthcare experience.
- Master's degree.
- CISSP or CEH certification.
Additional Information
- Remote work requirements include having a high-speed DSL or cable modem connection for the home office. In California, internet expenses will be covered.
- A minimum standard speed of 25x10 Mbps is required for optimal performance. Satellite and wireless Internet services are not allowed for this role.
- A dedicated workspace without ongoing interruptions to protect PHI/HIPAA information is essential.