Humana Enterprise Information Protection Director in Louisville, Kentucky
Humana is a Fortune 60 market leader in integrated healthcare whose dream is to help people achieve lifelong well-being. As a company focused on the health and well-being of the people we serve, Humana starts from within, and is committed to providing progressive benefits that advance the employment experience and vitality of the associate community. Through offerings anchored in a whole-person view of human well-being, Humana embraces a focus on stimulating positive individual and population changes while nurturing a sense of security, enabling people to live life fully and be their most productive. We are searching for an experienced leader who can use solid business knowledge and expert technical experience in data security to help develop the application security strategy, roadmap, and execution for our enterprise secure software development program. As Enterprise Information Protection (EIP) Director you will be responsible for enterprise application security oversight, application security assessments, application security control selection, and SSDLC maturity strategy. You will lead and develop a team of specialized associates to deliver secure software development oversight and security requirements that reduce risk while enabling our stakeholders. You will work closely with all areas of EIP, business units, strategic partners, and vendors to ensure security initiatives and operations are in line with all other key initiatives that may have interdependencies. You will support project teams by recommending technology and control alignments that are reviewed by EIP, and by ensuring that applicable security controls are properly incorporated.
Our preferred location for this position is our office in Arlington, VA. However, other locations will be considered on a case-by-case basis for strong candidates.
EIP Application Security Governance & Architecture
Build and lead a continuously improving team of Secure Application Security Architects focused on application security architecture, secure coding patterns, and threat modeling
Partner to improve SSDLC BSIMM maturity scores
Assist with the creation and management of SSDLC policy and standards
Partner to create, manage, and measure application security secure coding patterns and their adoption
Responsible for the EIP Threat Modeling program
Lead Application Architecture Risk Assessment (ARA) program
Partner and conduct COTS security assessments
Partner and conduct open source and component assessments specific to software
Lead security technology tool selection specific to reducing application security and development risks
Provide application security consulting as needed
Be an advocate for secure software development
EIP Application Security Assessments
Build and lead a continuously improving team of security specialists focused on SSDLC engagement
Lead the Application Security Assessments (ASA) program
Ensure application changes adhere to the enterprise SSDLC process
Ensure applications being deployed have met all security control requirements
Facilitate vulnerability management and security risk management for an application during an SSDLC engagement
Key Candidate Qualifications
The ideal candidate will have extensive experience in cyber security and cyber data protection, and strong experience with delivering SSDLC programs in traditional waterfall and agile environments. This person will also have deep experience translating the MITRE ATT&CK framework and the NIST Cyber Security Framework into functional security controls. Additionally, he/she will have a proven record of success in building, developing, and leading a high-performing team of technology professionals. A Bachelor’s degree is required; a Master’s degree is highly preferred.
In addition to the above, the following technical qualifications and personal attributes are also sought:
Experience conducting penetration testing, cyber incident response, code reviews, and Threat Modeling.
Experience creating and delivering complex enterprise initiatives and programs.
Proven ability to engage auditors, create highly repeatable processes, and write control narratives.
Experience successfully implementing security tools and architecture in traditional and Cloud environments.
Solid knowledge and understanding of security regulations and best practices such as PCI, SOX, HIPAA, or the ISO 27000 family of standards.
Experience migrating enterprise applications to a major cloud provider (Azure is preferred).
Experience with a formal requirements definition and RFI/RFP process.
Proven expertise translating business requirements into architectural deliverables and technical specifications.
Experience with managing and forecasting budgets.
Excellent oral and written communication skills, including the polish, poise, and executive presence that will ensure effective interaction with senior and executive level audiences.
The ability to clearly explain complex ideas and technologies to non-technical audiences.
Experience that would be considered a “plus” includes: WAF, Adaptive Auth, Next Generation firewalls, Cyber Threat Intelligence, CI/CD and DevSecOps.
Professional certifications that are preferred include CISSP, CISM, SANS, Cloud Architecture and/or Cloud Security Certifications, Cloud Security Alliance (CCSP, CCSK), Offensive Security Certified Professional (OSCP), etc.
Mission: At Humana, our cultural foundation is aligned to helping members achieve their best health by delivering personalized, simplified, whole-person healthcare experiences. Recognizing healthcare needs continue to evolve for each person, for each family and for each community, Humana continuously creates innovative solutions and resources that help people live their healthiest lives on their terms – when and where they need it. Our employees are at the heart of making this happen and that’s why we are dedicated to building an organization of dynamic talent whose experience and passion center on putting the customer first.
Equal Opportunity Employer
It is our policy to recruit, hire, train, and promote people without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity or expression, disability, or veteran status, except where age, sex, or physical status is a bona fide occupational qualification. View the EEO is the Law poster.
If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process, or are limited in the ability or unable to access or use this online application process and need an alternative method for applying, you may contact email@example.com for assistance.
Humana Safety and Security
Humana will never ask, nor require, a candidate to provide money for work equipment and network access during the application process. If you become aware of any instances where you as a candidate are asked to provide information and do not believe it is a legitimate request from Humana or an affiliate, please contact firstname.lastname@example.org to validate the request.