Overview: The Senior Director, Security Engineering will lead the evolution of Inovalon's security engineering program. Leveraging your significant experience in cloud architecture and engineering, DevSecOps practices, and information security, you will be expected to deliver the security engineering needs across our multi-cloud environments (AWS, GCP, Azure, OCI). This role will work with leadership teams in all areas of the organization to ensure effective information security programs and processes are in place.

Duties and Responsibilities:

• Lead and mentor a team of cloud security professionals providing technical guidance and support
• Identify, incorporate, and articulate cloud security best practices such as Zero Trust design, DevSecOps, policy-as-code, and cloud incident response.
• Engineer solutions to protect critical information assets and services, and automate security processes from start to finish.
• Research, innovate, design cloud first security solutions supporting multi-cloud environments (AWS, Azure, GCP, OCI)
• Lead partnership with external teams to consult on secure cloud development practices and develop artifacts to help integrate cloud security automation into pipelines
• Provide support as needed during security incidents, collaborating with other teams to ensure timely and effective response.
• Leads and manages the following functional areas/programs:

• Security Engineering
• Cloud Security
• Data Protection
• Security Assessments
• Threat Modeling Program

• Establish recurring and long-range security KPIs and KRIs (key risk indicators) to continually monitor our cloud security risk, posture, and health. Define metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements;
• Ensure ongoing protection of confidential data and risk assessment relative to Inovalon business model including, but not limited to classification of data, accessibility controls, storage and resource allocation;
• Liaise with business to understand their security architecture needs and influence adoption of enterprise-wide security architecture. Deliver risk evaluation for to enhance Information Protection strategy;
• Maintain compliance with Inovalon's policies, procedures and mission statement;
• Adhere to all confidentiality and HIPAA requirements as outlined within Inovalon's Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the undertaking of the position;

• Fulfill those responsibilities and/or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success of the Company;
• Uphold responsibilities relative to the separation of duties for applicable processes and procedures within your job function; and
• We reserve the right to change this job description from time to time as business needs dictate and will provide notice of such.

Job Requirements:

• Minimum 10 years of progressive experience performing technology and security related duties with at least 4 of the years in cybersecurity;
• Demonstrated experience leading security engineering efforts related to DevOps/DevSecOps in large & complex multi-cloud environments, ideally including Snowflake database systems and AWS/Azure/GCP/OCI cloud environments.
• Experience leading large and complex security architecture efforts in enterprise environments
• Hands on experience with some of the following:

• Zero Trust Security
• Proficient in at least one scripting language (Python, Java, Golang, etc)
• Infrastructure as Code tools (CloudFormation, Terraform)
• Policy as Code tools (OPA)
• CI/CD and DevSecOps Tooling
• Security administration in AWS/GCP/Azure/OCI
• Docker and Kubernetes
• Developing and securing serverless applications
• Core understanding of IP networking, routing, VPN
• Cloud native security related tools

• Strong executive reporting and narrative based presentation skills

• Ability to communicate with and influence all levels within a dynamic fast past organization;
• Demonstrated experience in managing a team, as well as, coaching and motivating employees;
• Knowledge of applicable HIPAA, PCI,SOC, HITRUST, NIST, CIS, and data privacy practices and laws;
• Strong leadership skills and excellent cross functional relationship building skills;
• Strong interpersonal and oral communication skills, highly self-motivated and directed;
• Experience in a national or international company with a geographically dispersed workforce;
• CISSP, CISA, OSCP or other information security certifications are preferred.

Education:

• Bachelor's degree in Computer Science, Computer Engineering, or Cybersecurity
  

Physical Demands and Work Environment:

• Sedentary work (i.e. sitting for long periods of time);
• Exerting up to 10 pounds of force occasionally and/or negligible amount of force;
• Frequently or constantly to lift, carry push, pull or otherwise move objects and repetitive motions;
• Subject to inside environmental conditions; and