Director, Enterprise Security Architect
Position: Director, Enterprise Security Architect
Reports To: SVP, Chief Information Security Officer
Location: Dallas, TX; New York, NY; or Winston-Salem, NC
Position Summary: The Information Security group is looking for a Director, Enterprise Security Architect as a direct report to the SVP, Chief Information Security Officer. The leader in this position will provide expertise in information security architecture in concert with enterprise data, application, and distributed systems architectures, and will play a key role in translating the business vision, strategy, policies and procedures into key security policies, requirements, models, and principles.
The Director, Enterprise Security Architect will be responsible for the oversight and management of the Information Security architecture function. This position is a unique opportunity to lead, evaluate, design, engineer, and manage information security systems, create and maintain security baselines, and enhance the security posture of critical payment systems.
- Candidate should be an established information security expert with a broad technical knowledge covering all aspects of information security.
- Communication skills including the ability to build relationships, build consensus, negotiate solutions, and guide customers through their decision process are highly desirable.
- Extremely strong analytical and problem-solving skills.
- Understanding of SANS Top 20 and OWASP Top 10 vulnerabilities.
- Significant recent experience with secure software development practices, standards, and tools.
- Measure and report appropriate metrics (key risk and performance indicators) to measure the monitoring program and related process.
- Bachelor's degree in engineering, computer science, or a related field with a minimum of 8 years of experience.
- 5+ years of recent experience with security architecture, security engineering, network engineering or systems administration.
- Relevant industry certification, such as CISSP, CISM, etc., is desired.
- Ability to work with all levels within the organization.
- Membership with FS-ISAC, US-CERT and other relevant technological knowledge sharing forums is desired.
- Knowledge of ISO27001/ISO31000, NIST 800-64, 800-27, SANS Top 20 Critical Security Controls, COBIT, NIST Cloud Computing Security Architecture, NIST Cybersecurity Framework and similar standards is preferred.
- Financial Services experience is preferred.
Essential Functions and Responsibilities:
- Function as a thought leader across the company, offering a highly secure and functionally practical viewpoint on the design, development, testing, deployment, and ongoing maintenance of interconnected enterprise systems.
- Collaborate to create secure architectures and/or stacks for development, testing, and deployment. Ensure that security and regulatory compliance are built into the systems, and where this is not feasible, ensure that a verifiable process is created to demonstrate secure practices and minimize risk.
- Establish and maintain security direction and governance related to cloud (SaaS, IaaS, PaaS).
- Lead security architecture design and review functions. Ensure changes do not create or introduce security gaps or degrade critical security controls.
- Core member and leader of the cross functional architecture review board.
- Maintain clear security standards and policies. Develop comprehensive security practices conforming to these policies and standards for use in the design of applications in the field.
- Contribute to and disseminate information security policies and standards across the company, working with architects to ensure clear and highly technical direction and to lead us to a more mature environment across non-production and production environments, code repositories, testing tools, deployment platforms, and change control practices.
- Understand our application development process and intellectual capital, and identify and remediate gaps in knowledge.
- Collaborate with developers, engineers, subject matter experts and stakeholders to develop practical and well-understood standards and milestones for secure application development.
- Collaborate on the use and security analysis of proposed, proprietary, and open-source software platforms.
- Establish, motivate, and lead a high-performance Information Security organization; attract, recruit, and retain key members of the organization.
- Maintain a keen understanding of industry trends, application security threats, and associated patterns and techniques used to mitigate associated threats across one or more enterprise systems.
- Understand current vulnerabilities, attacks and countermeasures, and stay constantly familiar with the latest security vulnerabilities, advisories, incidents, and penetration techniques.
- As directed, undertake such additional duties and responsibilities as may arise from time to time.
Physical Demands and Work Environment: Work is generally sedentary in nature, but may require standing and walking. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.
- A letter of interest describing your experience and interest in the position
- Your resume
- Names and contact information of three references, or three letters of reference
* Please submit a single application per position.