Director of Security Architecture & Engineering

ZS is a place where passion changes lives. As a management consulting and technology firm focused on improving life and how we live it, our most valuable asset is our people. Here you’ll work side-by-side with a powerful collective of thinkers and experts shaping life-changing solutions for patients, caregivers and consumers, worldwide. ZSers drive impact by bringing a client first mentality to each and every engagement. We partner collaboratively with our clients to develop custom solutions and technology products that create value and deliver company results across critical areas of their business. Bring your curiosity for learning; bold ideas; courage and passion to drive life-changing impact to ZS. 

Our most valuable asset is our people.  

At ZS we honor the visible and invisible elements of our identities, personal experiences and belief systems—the ones that comprise us as individuals, shape who we are and make us unique. We believe your personal interests, identities, and desire to learn are part of your success here. Learn more about our diversity, equity, and inclusion efforts and the networks ZS supports to assist our ZSers in cultivating community spaces, obtaining the resources they need to thrive, and sharing the messages they are passionate about.

DIRECTOR OF SECURITY ARCHITECTURE & ENGINEERING

ZS's Information Security team is seeking an experienced and highly skilled candidate to lead our Security Architecture and Engineering (SAE) function for both public and private cloud. The role requires working with our Enterprise IT, Cloud Center of Excellence and Software Development departments. As a member of the Information Security team, the individual will be responsible for building, implementing and leading a robust SAE function to evaluate and secure our private and public cloud infrastructure. As a valued member of the team, this individual will also partner with other leaders within the Information Security team to secure ZS’s enterprise.

What You'll Do:

• Establish SAE Strategy which include operating model(s), service catalog, organization structure, intake process(s), and reporting.
• Take risk-based approach to demand in accordance with InfoSec/GRC Risk Register
• Partner with centers of excellence across ZS, including IT, Software Development, Business Technology and Cloud, for information security architecture & engineering
• Lead the development and maintenance of a robust security strategy designed to address risks associated with public and private cloud infrastructures
• Work closely with development teams in the design of cloud native services and infrastructure
• Review and assess current infrastructure to identify gaps and mitigations
• Prepare and document policies and standards around security
• Oversee the integration of security technologies such as firewalls, CSPM, IAM and others
• Perform research and evaluate security technologies designed to protect infrastructure and systems
• Design and implement guardrails and other controls
• Build out pragmatic and reusable solutions for security problems
• Stay updated on the latest cybersecurity trends and threats to inform security strategies and policies
• Assist with other security related initiatives as they arise
• Align SAE initiatives around life cycle management best practices, Ent-IT Intake Processes, and InfoSec Intake processes.

What You'll Bring:

• Bachelor's degree in Information Security, Engineering, Computer Science, IT or related field
• At least 5 years of managerial experience in cybersecurity or a related field
• At least 8 years of security architecture and engineering experience
• One or more of the following certifications strongly preferred:
  • CISSP (and/or other ISC2 certifications)
  • Cloud security / architecture certifications
  • SANS GIAC certifications
• Other industry recognized certifications or accreditations
• In this position, abilities such as formulating short and long-term strategies and communicating at all levels (technical, management, executive, business teams, etc.) will be required
• Exceptional understanding of security principles, strategies, and goals
• Deep understanding of AWS Well Architected Framework and other best-practice security design principles
• Ability to successfully balance and prioritize security needs with other deliverable timelines, budgets, etc.
• Strong understanding of Windows OS security threats and mitigations
• Strong understanding of Linux Kernel-level security threats and mitigations
• Strong experience with securing Kubernetes at the Pod/Node/Cluster levels including network policy, node to node encryption, mutual TLS, etc.
• Strong experience in Container Management and DevSecOps pipeline
• Knowledge of AWS networking (security groups, ACL, etc.), IAM, STS, WAF, Shield and ALB protections
• Knowledge of Azure and GCP security architecture and configuration is a plus
• Ability to actively assess existing cloud infrastructures to identify gaps and mitigations
• Thorough understanding of the latest security principles, techniques, and tooling
• Able to multitask and prioritize in a dynamic environment with continuously shifting priorities
• Ability to communicate security concepts and issues to peers and management
• Possess and maintain up-to-date understanding of emerging trends in security including research of the latest products to combat these threats
• Strong analytical and problem-solving skills
• Excellent verbal and written communication skills
• Demonstrated personal initiative in maintaining a continuous high level of professional knowledge in areas of cloud security