The Role

Reporting to theCAA Deputy CISOthis is a hands-onsolutionsarchitectrolewith afocus oncyber/information security,working within the InformationRisk Management(IRM)group and deliveringsecuretechnologysolutions to the company at large.The role is critical in embedding security into CAA technology solutions thatare developed in-house or SaaS based.The candidate willcollaborate across business,technology,andotherfunctionalbusinessareas tounderstandrequirements and workflows to develop and guide implementation of secure solutions to protect CAAassets.

We are looking for candidates whoare self-driven andproficient incybersecurity,third-partyrisk/security management, datasecurityand general IT risk managementprocesses. The candidate will have experience as asolutionsarchitect with a strong focus on integrating security throughthe product/solution lifecycle.

The candidate will play a key roleinourteamsefforts to build and support a defensible environment where we are able to detect, contain and respond quickly todata securitythreats and compromise in ways that serve to enable the business needs of a highly collaborative organization. The environment is fast-paced and commonly on the leading edge of technology, including early adoption of various cloud services along with the challenges of integrating those services into our security practices.

Responsibilities

• Lead the solutions architecture function to ensure security is integrated early in the development lifecycle for in-houseapplicationsorSaaS based solutions, infrastructureprojectsand technology processes.

• Partner with business and technology teams toidentifyand document workflows, system architecture, dataflowsanddevelopappropriate securityconsiderations.

• Leverage Threat Modelingtechniques toidentifysecurity threats, vulnerabilities,and attack vectors across thesolution(infrastructure, application, data).

• Ensure the security considerationsidentifiedareimplementedand the solutions are configuredsecurely.

• Develop securepatternsfor foundational technology solutions based on CAAsecurity standardsand continually educatetechnology stakeholders onthe adoption of patterns.

• Key focus onsecurityintegrationsincludessecureaccess and authorizations,audit logging,secretsmanagement, data protection, datasecurityandother functionalthird-partyintegrations.

• Support the SaaS/Third Party security assessmentsand collaboratewith service owners, businessleadsandvendors to develop a managed solution aligned with CAA security policies.

• Identifyrisks and provide mitigating controls or risk treatment options for a given solution.

• Develop training fortechnology team members to increaseawarenesson securitypractices for onboardingnew technologysolutions.

RequiredCapabilities

• Minimum8years of Information Security experience with aBachelor27sDegree.

• Minimum 3years experiencein a SecurityArchitecturefunction.

• Create and reviewsystem architecture diagrams inLucidchartor equivalent tool.

• Experiencein SaaS and Cloud architecturesAzure,AWS,M365,and exposure toSAP 4/HANA, Workday,Salesforce,and otherSaaSsolutions.Cloud architecturecertifications preferred.

• Experience with Cybersecurity frameworks NIST CSF,CSA Cloud Controls.

• Cybersecurity certificationsCISM, CISSPor equivalent work backgroundpreferred.

• Familiarity withoperationaltools such as JIRA,ServiceNow,OneTrust.

• Experience with contractual and regulatory standards such as GDPR, CCPA, FINRA, TISAX,SOX.

• Experience with third partysecurityassessmentsand standards SOC, ISO27001, SIG.

• Ability to communicate complex messages in a clear and concise mannerwith stakeholders at all levels.

• Excellent organizational skills and ability to communicate with internal/external entities and executives.

• Effective leadership skills withdemonstratedability to coordinate people and teams to project/activity completion.

• Ability to work inteamenvironment sharing responsibilities.

• Ability to work in a flexible environment where requirements and procedures continuously evolve.