Skip to main content

Cloud Security Governance Trusted Advisor

  • Job Family: Cybersecurity
  • Type: Full time
  • Date Posted:
  • Req #: JR44830


  • FL, Tampa



Title: Cloud Security Governance Trusted Advisor

Location: Atlanta, GA; Indianapolis, IN; Virginia Beach, VA; Mason, OH; Dallas, TX; Tampa, FL; St. Louis, MO; Chicago, IL;

The Trusted Advisors of Cloud Security Governance partners with business teams and control owners every day to ensure cloud security best practices are implemented.  This role requires the ability to listen to technical needs and provide consultative and advisory guidance around cloud security. 

How you will make an impact:

Applying Cloud Security Alliance (CSA) and Cloud Controls Matrix (CCM) to help establish, validate and monitor Cloud Security Controls, deliver security guidance and consults, and share input considerations that can evolve security compliance, adherence to technical requirements methodology, program capabilities and focused maturity for the following areas:

  • Cloud services provisioning within the enterprises with proper administration, management, validation, and oversight

  • Security baselines and guidance are integrated into business awareness and requirements

  • Compliance models for hybrid multi-tenant and multi-cloud provider environments

  • Data protected at rest and in transit as a standard

  • Support consistent Cloud IAM strategy, implementation, and remediation oversight

  • Accountable for measuring adherence to Cloud security control/requirements and growing effective partnerships with peer teams and stakeholders to drive secure design, implementation, and orchestration of complex, multi-product security solutions for enterprise cloud systems

  • Participate in architecture and security control reviews as part of the program lifecycle with ability to risk manage any security exception requests to existing security policies and standards

  • Help accelerate the shift to Cybersecurity ‘Prevention and Detection’ in support of architecture designs and planning for information and network security technologies

  • Provide technical guidance and support to business and technology associates in risk assessments and implementation of appropriate information security procedures, standards, and technologies

  • Maintain security mitigation and remediation plans; represent major upgrades and business system replacements in change control

  • Propose opportunities to improve security outcomes and reduce risks based on targeted or continuous assessments. Develops short-term and long-term remediation plans

  • Routinely act as a subject matter expert among peers, managers, and senior management.

  • Develop reports supporting adherence to prescribed standards, security absolutes, and risk-based measures for Cloud Security Governance

  • Enable end-to-end Cloud governance in a multi-Cloud environment and automates cloud-preventative and retroactive controls

  • Conduct cloud security assessments against a compliance framework, is capable of collaborating, and creates high-quality work products such as documents, presentations, or content repositories.  Understand Information Security and possess a strong background in risk and compliance.

  • Self-starter capable of transforming technical terms into business-centric expressions.

  • Experience with leading the assessment and implementation of security controls in alignment with industry compliance and security standards and frameworks, including Cloud Control Matrix (CSA), ISO 27001, NIST 800 53, and other regulations and frameworks

Miniumum Rquirements:

  • Requires BS/BA in related field; 10+ years experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development, and management; significant experience with multiple technical and business disciplines required; requires broad-based expertise to plan and design highly complex systems; or any combination of education and experience, which would provide an equivalent background

  • 5-7 years of experience with at least one cloud service provider but an appetite to develop information security expertise with several cloud service providers.

  • Minimum 2 years of experience supporting any cloud environment with multifactor authentication, Container Security technologies, and CASB

  • AWS, Azure or Google Cloud Certification 

Preferred Skill, Experience, or Competencies:

  • Expert knowledge and understanding of industry-accepted data processing controls and concepts applied to access management and network security technologies, hardware, software, data, network communications, and people.

  • Experience or substantial knowledge in supporting competencies in cloud security standards and controls

  • High degree of technical security tooling in commercial cloud environments OR Diverse experience within Platform security and applications experience to enable native cloud solutions

  • Technical expertise in understanding multiple cloud platforms (AWS, GCP, Azure)

  • Technical and conceptual knowledge of configurations in cloud platforms and expertise in AWS security stack, e.g., CloudTrail, CloudWatch, GuardDuty, Shield Advanced, and IAM policies.

  • Recent experience within the last year with ServiceNow GRC

  • Strong working knowledge and technical support experience in the application development lifecycle, DevOps CI, DevOps CD, or DevOps/CICD

  • Experience and working knowledge of application security testing, specifically SCA, SAST, DAST, and Manual Penetration Testing

  • Technical security training and experience in any of the following cloud provider services – AWS, Azure, Google

  • Security Certifications: CISSP preferred, CCSP and other advanced technical security certifications (e.g., Information Systems Security Architecture Professional, Information Systems Security Engineering Professional, Certification and Accreditation or equivalent certifications); any level of training on Amazon Web Services (AWS), Cloud Security Alliance (CSA) Controls Matrix and CIS benchmarks

  • Demonstrate knowledge of security best practices, policies, and standards to design highly secure public and private cloud architectures that support application services in-scope of HIPAA, PII, and PCI regulations

  • Consultative presentations and guidance engagements with technology teams, business application owners, and technology partners

  • Agile or SAFe Agile team experience for complex deliverables in matrixed environments 

Please be advised that Elevance Health only accepts resumes from agencies that have a signed agreement with Elevance Health. Accordingly, Elevance Health is not obligated to pay referral fees to any agency that is not a party to an agreement with Elevance Health. Thus, any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of Elevance Health.

Be part of an Extraordinary Team

Elevance Health is a health company dedicated to improving lives and communities – and making healthcare simpler. A Fortune 20 company with a longstanding history in the healthcare industry, we are looking for leaders at all levels of the organization who are passionate about making an impact on our members and the communities we serve. You will thrive in a complex and collaborative environment where you take action and ownership to solve problems and lead change. Do you want to be part of a larger purpose and an evolving, high-performance culture that empowers you to make an impact?

We offer a range of market-competitive total rewards that include merit increases, paid holidays, Paid Time Off, and incentive bonus programs (unless covered by a collective bargaining agreement), medical, dental, vision, short and long term disability benefits, 401(k) +match, stock purchase plan, life insurance, wellness programs and financial education resources, to name a few.

The health of our associates and communities is a top priority for Elevance Health. We require all new candidates in certain patient/member-facing roles to become vaccinated against COVID-19. If you are not vaccinated, your offer will be rescinded unless you provide – and Elevance Health approves – a valid religious or medical explanation as to why you are not able to get vaccinated that Elevance Health is able to reasonably accommodate. Elevance Health will also follow all relevant federal, state and local laws.

Elevance Health has been named as a Fortune Great Place To Work in 2022, has been ranked for five years running as one of the 2023 World’s Most Admired Companies by Fortune magazine, and is a growing Top 20 Fortune 500 Company. To learn more about our company and apply, please visit us at Elevance Health is an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to age, citizenship status, color, creed, disability, ethnicity, genetic information, gender (including gender identity and gender expression), marital status, national origin, race, religion, sex, sexual orientation, veteran status or any other status or condition protected by applicable federal, state, or local laws. Applicants who require accommodation to participate in the job application process may contact for assistance.

Apply Now