The Cybersecurity Architecture and Technology (CAT) lead will ensure that Corteva’s infrastructure and network security standards are in place for both on premise and cloud infrastructure. The CAT lead will be responsible for overseeing the cybersecurity architecture and engineering, OT/manufacturing security, and application security program. The CAT lead will develop the overall strategy for the CAT team including innovating and ensuring the latest cybersecurity architecture, engineering, OT/manufacturing and application security standards are created, adopted, and measured. The CAT lead will also be responsible for the performance and development of CAT team members as well as interface with other Information Security and IT leaders. Additional responsibilities include serving as a member of the Information Security, Protection & Assurance (ISPA) leadership team and being prepared to support global incident response efforts as a member of the Cybersecurity Incident Response Team.
Key Responsibilities & Accountabilities - How will you help us grow?
- Lead a team of security architects and engineers accountable for the development of security reference architectures, ensure the IT and OT/manufacturing environments are secure.
- Develop cybersecurity architecture and engineering principles and guidelines.
- Supports complex projects requiring security architecture and engineering solutions.
- Work closely with the Enterprise Architecture team to ensure projects, platforms and solutions meet the cybersecurity design principles.
- Institute a continuous improvement process for existing cybersecurity solutions.
- Coordinates and partners, stakeholders, vendors, shared services teams, and information security teams to identify and prioritize efforts across the security architecture team.
- Partners with peers across the information security organization to identify new innovations, capabilities and solutions that improve the security posture of the company.
- Develop cybersecurity technology implementation strategies for ICS environments with clear understanding of the differences between IT and OT environments (e.g. Anti-virus on HMIs, application whitelisting, security policies for firewalls in ICS environments, etc.).
- Lead and execute risk-based methodologies for cybersecurity assessments of ICS systems, including remote sites, onsite, and third party.
- Development and execution of ICS/OT cybersecurity training and awareness program.
- Provide cybersecurity support for manufacturing, process controls systems and other OT environments.
- Design and implement a secure development program.
- Provide guidance to application teams on security best practices throughout all phases of the development life cycle.
- Define and implement application security testing requirements.
- Provide development teams with training on secure development practices.
- Mentor, empower, and develop a team of security architects, engineers, ICS/OT specialists, and application security engineers.
- Leads with integrity, purpose, and with a leadership mindset.
- Manages a multi-disciplinary team as well as requires interaction with IT peers, and IT leaders to drive win-win outcomes across the security architecture landscape.
- Collaborate with architects to align team with strategies, departmental goals and execution efforts.
- Responsible for setting the CAT capability strategic and tactical direction in concert with the CISO.
Position Requirements & Critical Experience – What You’ll Bring
- 10+ years of experience in technical cybersecurity architecture and technology, 5+ years in a leadership role.
- Educational Requirements: A Bachelor’s Degree in computer science, information technology/management, or related fields are highly desired but not required.
- A minimum requirement for this U.S. based position is the ability to work legally in the United States. No visa sponsorship/support is available for this position, including for any type of U.S. permanent residency (green card) process.
- Strong organizational skills.
- Strong written and oral communication skills.
- Excellent analytical and problem-solving skills.
- Strong Technical Skills and working understanding of; Cybersecurity Architecture, Cybersecurity Engineering principles, OT Security, and Application Security.
- Knowledge of industrial control systems security standards (IEC 62443, NIST Cybersecurity Framework).
- Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS).
- Experience with secure development methodologies.
- Understanding of OWASP projects and guidelines (e.g. Top 10 Vulnerabilities, ASVS, Top 10 Proacive Controls).
- Familiarity with application security testing tools (e.g. SAST, DAST, IAST).
- Proven experience with risk assessment methodologies.
- Understanding of cyber threats, vulnerabilities, and exploits specific to IT and OT environments.
- Strong organizational skills to manage multiple projects within the constraints of timelines and budgets.
- Ability to work and thrive in a fast-paced environment, learn rapidly and master diverse technologies and techniques
Other Preferred Qualifications:
- CISSP - Certified Information Systems Security Professional.
- CISM - Certified Information Security Manager.
- Experience in strategy, customer service, or consulting.
- Good financial acumen and financial analysis skills.
- Proven success in leading and contributing to a team-oriented environment.
- Proven ability to work creatively and analytically in a problem-solving environment.
- Excellent leadership, communication (written and oral) and interpersonal skill.