Information Security Architect I/II (Finance)

Job Description:

Summary:

The Information Security Architect assists in the development and execution of the information security risk management strategy, risk assessment philosophy and the IT components of Lifetime Healthcare Companies' Enterprise Risk Management program. This position participates in IT security investment analysis, design, scope and approach. The primary responsibility is to provide technical expertise for the Information Security Group and serve as a trusted security advisor to the business and divisional initiatives. The architect helps to ensure a secure, risk based, and cost-effective infrastructure and application design is developed and maintained. This position advises and consults with Information Security management, and various levels of business and IT leadership, regarding the protection of corporate information and the direction of the Information Security Program.

Essential Accountabilities:

Level I

• Participates in development and implementation of security architecture principles and standards that align to the Organization's overall business and strategy.

• Drives adoption and compliance of security standards across development and infrastructure teams both inside of and under contract with the Organization.

• Creates functional and technical security requirements and sees them through the project lifecycle.

• Executes an overall risk management strategy with key business and divisional stakeholders. This risk management strategy includes enterprise integration of risk management into operational, regulatory/statutory, financial, technical, and security processes, including the creation of robust disaster recovery and/or business continuity plans.

• Performs risk-based assessments of solutions and vendors to ensure appropriate security controls are adhered to.

• Provides security consultation, including design, reviews, and recommendations for various projects and initiatives.

• Supports the team by providing hands-on support for technologies owned and operated by the Security and Risk Department.

• Establishes collaborative working relationships in the division and across the organization and subsidiaries to ensure that Information Security risks are managed, and the solutions align with the business strategy.

• Develops processes, standards, and templates for managing information security risks. Supports the implementation of new standards and solutions in close collaboration with other divisional teams to allow the Organization to protect information assets (applications and infrastructure solutions) efficiently and effectively.

• Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies' mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.

• Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.

• Regular and reliable attendance is expected and required.

• Performs other functions as assigned by management.

Level II (in addition to Level I Accountabilities)

• Leads the development and implementation of security architecture principles and standards that align to the Company's overall business and strategy.

• Helps develop an overall risk management strategy with key business and IT stakeholders.

• Fosters a risk management culture through education, skill development, and implementation of effective risk management processes and practices.

• Acts as a mentor for department staff, providing subject matter expertise to the division.

Minimum Qualifications:

NOTE: We include multiple levels of classification differentiated by demonstrated knowledge, skills, and the ability to manage increasingly independent and/or complex assignments, broader responsibility, additional decision making, and in some cases, becoming a resource to others. In addition to using this differentiated approach to place new hires, it also provides guideposts for employee development and promotional opportunities.

All Levels

• Five (5) years of experience in an Information Technology Security Role.

• Bachelor's degree in computer science, information technology or relevant field. In lieu of a degree, six (6) additional years of experience required.

• Exceptional communication and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.

• Ability to work collaboratively with all stakeholders, both inside and outside of the Organization.

• Experience with the following applications or enterprise security components preferred:

o Identity and access management architecture and implementation, user provisioning/de-provisioning, single sign-on

o Enterprise directories (AD and LDAP)

o Multi-factor authentication

o Network and application-level security and encryption

o Security event management

o Firewall architecture and design

o Cloud Security Controls

o Web server security

o Application security

o PKI system implementation

o Data loss prevention systems and implementation

o Intrusion detection and prevention systems for network and host systems

o Remote access security controls

o Mobile security

• Strong knowledge of TCP/IP protocols, broad and deep conceptual understanding of how Applications, Application Platforms, Operating Systems and Networks function.

• Experience with shell scripting, Perl, other scripting language, or with any programming language such as Java, C++, or C.

• Familiarity with Sarbanes Oxley, HIPAA, HCFA, PCI/DSS and other regulations impacting security (with ISO27001 and NIST security standards) is preferred, as well as COBIT and COSO familiarity.

• Demonstrated ability to work with a diverse team and assist in developing and shaping the Organization's Security Architecture.

• Sound judgment, proven relationship management skills, and the ability to support security architecture aspects of business and IT initiatives.

• Understanding of process and its benefits in a maturing IT environment.

• Ability to quickly familiarize with newer security technologies, their implementation requirements, and how to integrate the technologies into a larger corporate solution.

• Ability to translate real-world threats into actionable security tasks by balancing functionality and performance needs with prudent security measures. This includes having a thorough understanding of the ramifications of various system security decisions.

Level II (in addition to Level I Qualifications)

• Seven (7) years of related experience in an Information Technology Security Role.

• Prior experience with architecture processes, strategies, and standards, required.

• Experience coordinating vendor solution delivery and partnering effectively with vendors to meet business needs.

• At least one security industry certification (i.e., CISSP, CISA, CISM, SANS) preferred.

Physical Requirements:

• Ability to work prolonged periods sitting and/or standing at a workstation and working on a computer.

• Ability to work while sitting and/or standing at a workstation viewing a computer and using a keyboard, mouse and/or phone for three (3) or more hours at a time.

• Ability to travel across the Health Plan service region for meetings and/or trainings as needed.

• Ability to work in a home office for continuous periods of time for business continuity.

************

One Mission. One Vision. One I.D.E.A. One you.

Together we can create a better I.D.E.A. for our communities.

At the Lifetime Healthcare Companies, we're on a mission to make our communities healthier, and we can't do it without you. We know diversity helps fuel our mission and that's why we approach our work from an I.D.E.A. mindset (Inclusion, Diversity, Equity, and Access). By activating our employees' experiences, skills, and perspectives, we take action toward greater health equity.

We aspire to reflect the communities we live in and serve, and strongly encourage people of color, LGBTQ+ people, people with disabilities, veterans, and other underrepresented groups to apply.

OUR COMPANY CULTURE:

Employees are united by our Lifetime Way Values & Behaviors that include compassion, pride, excellence, innovation and having fun! We aim to be an employer of choice by valuing workforce diversity, innovative thinking, employee development, and by offering competitive compensation and benefits.

In support of the Americans with Disabilities Act, this job description lists only those responsibilities and qualifications deemed essential to the position.

Equal Opportunity Employer

Compensation Range(s):

Level I: Grade E7: Minimum: $87,766 - Maximum: $157,978

Level II: Grade E9: Minimum: $110,093 - Maximum: $198,168

The salary range indicated in this posting represents the minimum and maximum of the salary range for this position. Actual salary will vary depending on factors including, but not limited to, budget available, prior experience, knowledge, skill and education as they relate to the position's minimum qualifications, in addition to internal equity. The posted salary range reflects just one component of our total rewards package. Other components of the total rewards package may include participation in group health and/or dental insurance, retirement plan, wellness program, paid time away from work, and paid holidays.

Please note: There may be opportunity for remote work within all jobs posted by the Excellus Talent Acquisition team. This decision is made on a case-by-case basis.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.