Job Description :
POSITION: Security Architecture Manager (Cloud Standards)
REPORTS TO: Director, Information Security
LOCATION: Dallas TX, New York, NY, or Winston-Salem, NC
Position Summary:Information Security (IS) group is looking for a Security Architecture Manager as a direct report to the Director of Information Security. In this role, the candidate will provide technical leadership, subject matter expertise and direction on complex projects/initiatives for their assigned area(s) of responsibility. This position will function as a technology leader in the architecture design, planning, and delivery of enterprise-class security systems both on premise and in the cloud. We are seeking strong, self-motivated candidates with a proven track record of understanding security controls, and working across an organization to implement and validate controls.
Qualifications Required:
Five or more years’ experience in:Designing and implementing cloud security solutionsProviding consulting to business partners to influence security best practices and establish solid security principles across the organizationMeeting business goals along with customer and/or regulatory security-related requirementsStrong understanding of security principles for cloud and on premise systems in at least one of the following: network/infrastructure, mainframe, servers, mobile, system configuration Experience with automation, orchestration and Infrastructure as code using tools like Puppet, AWS CloudFormation, and Terraform Knowledge of securing development pipelines such as automated code scanning tools and API management Experience with securing containers including container management solutions such as Kubernetes, and OpenShift Experience with managing enterprise grade cloud security solutions such as Cloud Access Security Brokers (CASB)Knowledge of security defenses against data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and Denial of Service attacksAbility to provide direction and guidance at all levels of the organization on architectural use cases and requirementsAbility to contextualize security issues and business risks both verbally and in writing
Bachelor''s degree in engineering, computer science, or a related field with a minimum of 8 years of experience in technical rolesStrong analytical and problem solving skillsStrong communication skills and business acumenKnowledge of Security and Industry frameworks such as ISO27001/02, NIST 800-53, SANS Top 20 Critical Security Controls, COBIT, PCI-DSS, and NIST Cybersecurity FrameworkA combination of relevant industry certifications related to Information Security (e. g. CISSP, CISM), Architecture (e. g. TOGAF, AWS Certified Solutions Architect), and Cloud (e. g. AWS, Google, and Azure including Microsoft 365)
Essential Functions and Responsibilities:
Architect, design, and oversee enterprise-class security systems in public clouds such as Amazon Web Services (AWS), and Microsoft AzureEnsure organizational alignment with the cloud security strategy including integration with tools such as Cloud Access Security Broker (CASB)Coordinate security activities within IS and across the organization such as the Architecture Review Board (ARB), and the Cloud Center of Excellence (CCOE)Design and document security architecture requirements and building blocks to mitigate threats and risksCollaborate with the development and project teams to ensure cloud security standards, patterns, and best practices are followedMaintaining security architecture documentation and diagramsGain organizational commitment for security solutions and plans, as well as evaluate and select technologies required to complete those plansPartner with the IS leadership team, and other teams and individuals across the company to advance security standards and guidelinesProvide regular updates to stakeholders on any assigned findings, and remediation plans related to cloud securityUnderstand regulations and governmental initiatives impacting TCH, our technology, our environment and systems to ensure security gaps are addressedLead through influence, effective communication and demonstrated understanding of business and technical requirementsStay up-to-date with current and emerging cloud security topics Continue self-development of knowledge, skills and abilities to better support execution of the Information Security (IS) functionExcel as a ‘manager of one’ by defining and executing on goals and tasks that are aligned with organizational objectivesOther Information Security-related tasks as assigned