Senior Security Architect

Basic Function

The Senior Security Architect is recognized across the organization for deep-domain expertise in security architecture and is responsible for ensuring security and privacy by design to the overall information security program. This includes designing standards, guidelines, and policies to protect enterprise communications, systems, and assets from both internal and external threats. You will ensure our hosted services, mobile devices, and applications are designed and maintained securely and consistent with our principles. The role also provides opportunities that promote technical growth in the form of formal and informal education and training to all levels of team members within IT, Digital, and Cybersecurity (IDC).

Roles & Responsibilities

• Serve as the domain expert for cybersecurity technologies with expertise in the design, deployment, maintenance, and remediation of those technologies
• Collaborate with executive leadership, IDC leadership, and partners 
• Drive security projects from ideation to completion and aid with project related financials
• Lead technical evaluations, analysis, and risk assessments to develop suitable solutions
• Validate systems against published reference architectures, existing standards, and policies and recommend changes to enhance security and reduce risks, as applicable
• Provide leadership during security incident response activities as needed 
• Lead technical growth opportunities for security roles throughout the enterprise 
• Liaise with other leaders in the cybersecurity industry to share best practices and insights
• Influence corporate leadership to help drive sound technical investment strategies
• Keep up to date with current and emerging security trends, threats, technologies, security frameworks, and regulations
   

Min. Qualifications

Education:

• Bachelor’s degree in Management/Computer Information Systems, Computer Science, Engineering, or comparable experience
• Master's degree in cybersecurity discipline is preferred

Work Experience:

• 5+ years related experience with information technology and information security demonstrating increasing responsibilities 
• Demonstrated success delivering projects and programs working with a diverse field of stakeholders
• Familiarity with risk assessment, vulnerability management, and penetration testing tools
• Experience with frameworks and guidelines such as MITRE ATT&CK, NIST, CIS, ISO 27000, and TOGAF
• Direct experience in the areas of systems architecture, applications development, database administration, network operations, IAM (Identity & Access Management)/PAM (Privileged Access Management), cloud architecture, network security, and/or SIEM (Security Incident and Event Management)
• Experience with cloud infrastructure in Microsoft Azure, Amazon Web Services (AWS), or Google Cloud Platform (GCP)
• Microsoft Office 365 experience

Languages: English

Other Required Skills:

• Excellent verbal and written communication skills 
• Demonstrated ability to articulate ideas to both technical and non-technical audiences
• Self-motivated and directed, with the ability to work in a collaborative and dynamic environment
• Strong analytical, problem-solving, negotiation, and decision-making skills to influence management, as well as internal and external partners
• Ability to influence others in matters related to both security solution design, implementation, and overall risk posture
   

Preferred Qualifications

• CISSP (Certified Information Systems Security Professional) or related certifications
• Knowledge of advanced cyber threats, adversary methodologies, and cyber threat intelligence as well as endpoint and mobile threat detection and response
• Experience with multiple operating systems (Windows, Linux, IOS, Android)
• Experience writing code in one or more scripting languages (Python, JavaScript, Java, or PowerShell)
• Proficiency with endpoint security tools at enterprise scale (e.g., Endpoint Detection Response (EDR), anti-malware, Mobile Device Management (MDM), VPN)
• Experience with encryption protocols (SSL/TLS), algorithms (RSA, AES), and Public Key Infrastructure (PKI)
• Experience ensuring security by design in a System Development Life Cycle (SDLC) process
• Budget planning and management preferred
   

Competencies