Company:
NICO National Indemnity Company

As a member of the Berkshire Hathaway group of insurance companies, we offer outstanding opportunities for professionals interested in working with a successful company. We offer unparalleled financial strength, stability and "large company" benefits, in addition to an exciting, friendly, "small company" atmosphere.

Serves as Cloud Security Architect responsible for assisting in the design and development of the company's cloud security architecture standards, policies and procedures; its application security standards, policies, and procedures; its cloud architecture, virtualization, cloud and application controls and compliance standards, policies, and procedures. Works with other technical architects and appropriate IT team members to develop and administer the company's above mentioned cloud architectures, technologies, tools, and practices. Actively participates in the research, development, identification, and recommendations regarding design and implementation of security/compliance and cloud architecture products, practices, and procedures. Tracks and ensures applications and cloud architecture meet compliance with state regulations, Payment Card Industry (PCI), ORSA, SOX, CCPA, NY DFS and other regulatory requirements, while still maintaining consideration for operational effectiveness.

Required Knowledge:

• Bachelor's degree in Computer Science, Software Engineering, Information Systems, Management Information Systems, IT Management, or other IT degree
• (Engineering, math, and science degrees are acceptable substitute degrees)
• 5-7 years related work experience in Security Architecture, Engineering, working with enterprise applications
• 5 or more years working in a Cloud and Hybrid environment
• Experience with application, operating systems, cloud, and various cloud networking architectures including automation
• Experience with system log and security log analysis of applications
• Experience with cloud network and web application firewall monitoring, management and administration
• Experience with cloud security and application related best practices, standards and procedures, and compliance
• Experience with building and maintaining technology testing processes and management practices
• Experience with cloud application security architecture, assessment, and remediation

Preferred Knowledge:

• Enterprise practices and procedures related to security
• Insurance related background
• CISSP, CCSP, CISA, CEH, or other Web Security Specialization such as SANS 522
• AWS or Azure Architect certification

Essential Duties and Responsibilities:

1. Cloud Security/Compliance Architecture

Collaborates to establish cloud cybersecurity architecture with a focus on proactive threat detection, security control enforcement and incident response. Collaborates with enterprise and domain architects to develop secure cloud solutions and a Cloud Strategy. Actively participates as a subject matter expert in a cloud center of excellence, including security, infrastructure, and domain architects. Helps develop strategy and roadmaps of enterprise security portfolio. Partners with security leadership, CIO, and IT leadership to assess and reduce cloud security risks. Provides clear written and verbal consulting to projects about cloud security architecture and cloud risk management. Supports the implementation of industry leading cloud security standards and best practices across the enterprise. Provides advice, analysis and recommendation on the security products in the cloud security space. Serves as Cloud Security Architect responsible for assisting in the development, design, documentation and implementation of products, standards, policies and procedures surrounding the company's application software security, server platform / operating system security, data security, network security, and general technology controls. Responsible for monitoring the effectiveness of the various cloud security architecture mechanisms, protocols, software, and other security products in the Company's technology related areas in order to reduce the Company's cyber security risk profile. Develops, documents and communicates an overall cloud security architecture and strategy. Translates strategy into tactics and projects. Tracks and reports on project progress. Such direction requires a broad knowledge of the Company's existing software, mainframe, and infrastructure environments as well as a current knowledge of the evolving world of cyber security. Tracks and ensures cloud architecture compliance with state regulations, Payment Card Industry (PCI), ORSA, SOX, and other regulatory requirements, etc. Coordinates security assessments and audits of applications and cloud architecture and manages required remediation efforts across business and technology teams, working with third parties as necessary. Requires a broad knowledge of the rules and regulations that govern large publicly traded companies and how these rules apply to the insurance industry.

50-60% Daily

2. Cloud Architecture Oversight and Management

Reports to IT Senior Management on technical status of enterprise IT security initiatives. Identifies and recommends new solutions for research and participates in proof of concept initiatives to explore new architectural strategies. Builds and manages enterprise governance standards for our cloud tenants to guide in secure and efficient applications implementations, data management analytics and AI, while engaging in an agile DevOps culture capable of delivering technical excellence. Collaborates with applications development teams and architects to promote the adoption of the Security Development Lifecycle (SDL) and integration of it in the Software Development Lifecycle (SDLC) to raise security awareness in application development and implementation. Works with other technical architects and technology staff on the design and development of the company's communication networks; and the network policies and procedures and general technology controls that are required. Responsible for monitoring the effectiveness of the various network mechanisms, protocols, software, and other products in the Company's technology related areas in order to optimize the Company's network costs and performance. Such direction requires a broad knowledge of the Company's existing software, mainframe, and infrastructure environments as well as a current knowledge of the evolving world of LAN/WAN networks. Develops and communicates an overall cloud network architecture and strategy. Translates strategy into tactics and projects Tracks and reports on project progress.

10-15% Daily

3. Cloud Architecture and Application Security Strategy, Policies, Procedures

Collaborates with other business units to advise and strategize the enterprise cyber security matters, protections, detections, and prevention capabilities. Identifies any implementation risks of technology solutions and analyzes the impact of achieving the desired business outcomes. Provides updates to the definition and documentation of our cyber security standards, processes and governance models. Performs security reviews and assessments together with Infrastructure, Security, Architecture, Application Development, Data and other business units across the organization. Stays informed on current cloud technology trends and the changing technology landscape. Responsible for research, development, identification, recommendations, and implementations regarding cloud security architecture technologies; and application software, server platform / operating system, network, and data security products, practices, and procedures. Identify opportunities for automation and software product improvement. Provides updates and input into new network, security, and vendor policies based on a current understanding of technologies available, and cyber security risks and vulnerabilities. Generates ideas and participates in the research and evaluation process required to identify where new technologies would provide better information and/or make workflow easier and more efficient. Works with other IT infrastructure and application development staff to analyze and identify gaps or weaknesses in the current network and cyber security mechanisms, policies and procedures. Works with IT development teams to ensure secure coding practices are developed and maintained. Makes recommendations to technology management and senior management, where appropriate, on updates and enhancements to network and cyber security architecture topologies, mechanisms, policies, and procedures as needed.

15-20% Daily

4. Advisory Duties

Works with the various technology teams to develop an understanding of Company's cloud architecture topologies and cyber security opportunities and risks. Determine the appropriate approaches, methodologies, products and technologies to improve services and reduce risk across these areas. Develops appropriate cyber security training for technology staff as well as rest of Company to ensure an appropriate understanding of the various cyber security risks faced by the Company.

25% As Needed

5. Other Duties

Performs related duties as situation dictates, such as participating in appropriate interactions with other Berkshire Insurance Group involving cloud architecture, and security management.

5% As Needed

A comprehensive benefits package is available for regular, full-time employees, including health, vision, dental, life and disability insurance as well as a 401(k) with company match. We also proudly offer 100% upfront tuition reimbursement to regular, full-time employees, to further your education. Our Omaha office boasts a complimentary state-of-the-art, on-site gym, a robust wellness program, low-cost downtown parking, and numerous volunteer and networking opportunities with other emerging professionals.