Information Security Architect

Guided by our core values and commitment to your success, we provide health, financial and lifestyle benefits to ensure a best-in-class employee experience.

• Highly competitive total rewards package, including comprehensive medical, dental and vision benefits as well as a 401(k) plan that both the employee and employer contribute
• Annual incentive bonus plan based on company achievement of goals
• Time away from work including paid holidays, paid time off and volunteer time off
• Professional development courses, mentorship opportunities, and tuition reimbursement program
• Paid parental leave and adoption leave with adoption financial assistance
• Employee discount program

Blue Cross and Blue Shield of Kansas City is seeking an experienced Information Security Architect to join our Information Security team. The successful candidate will assist in development of strategies, solutions, standards and reference architectures, participate in threat modeling and risk assessment activities, and provide guidance to the business on security best practices.

• Evaluate the financial costs of recommended technologies, quantifying purchasing and licensing options, estimating labor costs for a given service or technology, and estimating the total cost of operation (TCO), the ROI, or the payback period for services or technologies replacing existing capabilities.
• Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
• Develop security strategy plans and roadmaps based on sound enterprise architecture practices.
• Develop and maintain security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
• Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM).
• Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria.
• Draft security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the chief information security officer (CISO).
• Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC).
• Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts.
• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks.
• Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti‑malware/endpoint protection systems.
• Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application.
• Ensure a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM) or log management tool.
• Coordinate with Dev Ops teams to advocate secure coding practices, and to elevate concerns related to poor coding practices to the CISO.
• Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization).
• Review network segmentation to ensure least privilege for network access.
• Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team.
• Review security technologies, tools, and services, and make recommendations to the broader security team for their use, based on security, financial…