We have the assets, the talent, the drive and the financial strength to provide attractive and rewarding careers for our employees. We encourage you to take some time to explore your career opportunities at Freeport-McMoRan.
The role of the Director Enterprise Security Architecture is to provide leadership and management for MIS Security Architects and Contractors on technical Security Architecture, Security Engineering, and Security Processes. Overall control landscape includes Vulnerability Management, Access Control, Identity, Encryption, Endpoint, DLP, Messaging, Secure Software Development Lifecycle, Network Security, and Disaster Recovery. This position manages the interface between MIS Security, MIS Infrastructure Architecture, and MIS Applications Architecture, and ensures project-level solution designs support long-term global enterprise architecture standards and portfolio roadmaps. The incumbent must effectively work with MIS leadership including the CIO, Directors, Managers, and Staff.
- Responsible for managing a team that provides Security Architecture services including contractors and vendors.
- Coach and train team in Information Security policies and standards, security process and design frameworks, and delivery of cybersecurity services
- Develop both short and long-term Enterprise Security system technology roadmaps based on an understanding of the organizational strategic requirements, risklandscape, technology context and business needs
- Represent Security interest in the Architecture Review Board (ARB) meetings, and ensure development of reference architecture documentation and presentation of initiatives in the ARB
- Oversee the design and integration for IAM functions including identity management, account provisioning, entitlements review, authentication processes, logging, enterprise roles management, and authoritative sources for identity and its attributes; provide project support in the process re-engineering and automation of existing processes
- Oversee the design and integration for networksecurity functions including firewalls, remote access, network access control, network activity monitoring, forensics, and other attributes; provide project support in the process re-engineering and automation of existing processes
- Oversee the design and integration for technologies and processes around threat and vulnerability management to include identification, analysis, remediation, and reporting
- Extend TVM integration into processes and procedures for security incident response
- Oversee the design and integration of cybersecurity controls within the Software Development Life Cycle (SDLC)
- Support the security configuration and change management function to include configuration reviews and security tool feature enablement
- Perform other duties as required
- Bachelor’s degree in MIS or related field AND
- Ten-plus (10+) years of IT experiencewith a minimum of four (4) years in Security Architecture to include:
- Strong background in Security technology design and architecture
- Experience in working with current and emerging Information Security technologies and development methodologies
- Effective leader, visionary, and implementer with demonstrated experience in advising and influencing Senior Management
- Excellent analytical skills: able to break down complex, multi-faceted problems into actionable steps without over-simplification
- Ability to communicate Security-related concepts to a broad range of technical and non-technical staff in an intelligent, articulate, and persuasive manner
- Strong technical, facilitative and collaboration skills, organizational and time management skills, communication (verbal and written) and interpersonal skills
- Security Certifications such as CISSP, CISM, GWEB, GSSP-.NET, GWAPT, etc.
- Understanding of IAM technologies and processes including account provisioning, role management, entitlement review and identity management
- Experience with Cloud platforms such as Azure
- Experience with SQL, PKI, SAML, XML
- Experience with securityarchitecture related to protocols such as SNMP, HTTP(s), SOA, Web Services
- In-depth understanding of networksecurity issues, securityevent logging / monitoring, operating systems (Windows, Unix), Firewalls, Intrusion prevention, AV technologies, authentication mechanisms, vulnerability assessment & scanning tools, application security assessments, incident response and knowledge of common information security management frameworks
- Experience working with software developers and experience with application design reviews and threat modeling
- Experience with regulatory compliance such as SOX
- Active in professional security organizations such as ISSA, OWASP, SANS, FUEL, etc.