Job Description :
Project Description:
Onboard new systems into client PCI certification. This role is designed to complete design documentation and manage the migrations of systems into the compliance regime.
Responsibilities:
Responsible for developing and maintaining the global enterprise information security technology strategy and baseline, managing and enforcing system development processes, and providing security engineering and consulting services across the enterprise.
Collaborate with project teams, in order to define mitigating controls through the System Development Life Cycle (SDLC
Assist project teams with sourcing, product strategies, and technology research and evaluations. This will ensure that information security is a fundamental element of the technology architecture.
Perform tasks to translate technical security vulnerabilities into business risk terminology.
Maximize the operational effectiveness of our defensive infrastructure by operationally configuring our defensive infrastructure as a coherent system of systems focused on internal security use-cases and client’s operational security requirements.
Required Skills (and years of experience): Top 5 Skills Needed
Bachelor’s degree in Computer Science, Information Systems, Engineering or related field.
Minimum 4-5 years’ experience in a security or related IT function.
CISM, GIAC or other vendor (Cisco, Microsoft, etc) certifications preferred.
Preferred Skills: (NICE TO HAVES)
The successful candidate will have architecture, engineering, analyst and operator background and mindsets as well as leadership skills:
Engineer to understand the existing technology and operational activities and business processes
Analyst to understand the operational requirements as well as driving non-business impacting changes by leveraging situational awareness
Operator to integrate the former two into a cohesive, evolving security posture
Architect to evolve our system of systems to meet emergent requirements that cannot be satisfied by existing architectural capabilities
Leadership to initiate and build a virtuous feedback loop that continually advances our security posture through a cross-company team primarily including GES DI, SAAC/ASG, GON and NetSec
Excellent written and verbal communications skills; demonstrated ability to communicate highly technical concepts to non-technical audiences. Strong understanding and experience with IT security technologies. Basic understanding of a variety of information security processes and principles, such as:
Enterprise security architecture
Vulnerability assessment
Defense in depth
SDLC
Identity and access management
Networking concepts (routing, design, TCP/IP)
ISO 27001/27002
NIST 800-53
Web services security
What does a typical work day look like? (How much time will be spent in meetings? Etc.
A Security Architect is primarily focused on using the architecture we have today as well as shaping how the company operates in the future through development of sound, security oriented business processes and architectural design patterns.
This role is a part of a small Architecture and Engineering team within Global Enterprise Security whose job it is to:
Understand the technical capabilities of the security architecture components
Understand how the architecture components are being deployed and used
Identify architectural or security posture gaps based on planned maturation, incidents or threat intelligence necessitating operational enhancements
ID mitigations and operational enhancements of the security posture using existing technical capabilities and process changes
Work as part of the architecture, engineering and acquisition teams to fill gaps that aren’t solvable with existing technology and processes
Education Requirement:
Bachelor’s degree in Computer Science, Information Systems, Engineering or related field.
Required Certifications/Testing:
CISM
CISSP
GIAC