The Enterprise Information Security Architect develops and implements enterprise information security architectures and solutions. Serves as a security expert in integrating security into cloud and digital solutions, application development, database design, network, and/or platform (operating system) efforts, assisting project teams to comply with Enterprise and IT security policies, industry regulations, and best practices. Researches, designs, and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors. Contributes to the development and maintenance of information security strategy and architecture. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks. Communicates security risks and solutions to business partners and IT staff as needed.
- Evaluate, analyze and document the current Enterprise Information Security Infrastructure.
- Analyze current and future enterprise security requirements in order to design an advanced, reliable, integrated and comprehensive IT Security architecture.
- Document architecture and identify areas of potential risk, recommend environmental changes/additions to hardware, technology, processes and monitoring solutions to reduce risk of unauthorized network resource use.
- Remain current with new security threats and assess systems to ensure they can defend the business.
- Work closely with security leadership team to align architectural designs to compliance, logical access model and cloud requirements.
- Design a robust, reliable and integrated IT security architecture covering the entire enterprise and addressing issues as prioritized by Enterprise Risk.
- Drive security efficiencies, enabling security team members to work on more advanced tasks.
- Partner and coach IT, engineering, development and business teams.
- Provide architectural leadership and design capabilities to ensure Enterprise Architecture is properly implemented and maintained.
- Act as an Advisor to operational teams on technology solutions and IT processes in accordance with American Cancer Society security policies and industry best practices.
- Establish security model, technologies and standards for system architects and designers.
- Minimum of 8 – 10+ years’ experience in the information security industry.
- BS/BA degree in Management Information Systems or Computer Science, or equivalent experience is required.
- A proven deep background (preferred 5+ years in addition to cybersecurity) in technology design, implementation and delivery.
- CISSP certification preferred.
- TOGAF/SABSA certifications preferred.
- Demonstrated knowledge of IT Security process frameworks, ISO 27000, NIST, CIS Controls, MITRE ATT&CK, COBIT, COSO, and ITIL.
- Demonstrated security platform design and implementation experience.
- Experience in large-scale cloud applications, including Salesforce, Microsoft, and NetSuite.
- Excellence in communicating business risk from cybersecurity issues.
- Broad range of knowledge, including both technical and non-technical facets of IT internal controls and compliance, including logical and physical controls for applications, infrastructure and e-Commerce. Knowledge of industry best practices and standards for IT Security and Risk Management.
- Proven experience with firewalls, IPS, vulnerability assessment and mitigation, event collection and correlation, auditing, cryptography, cloud service provider integration, data loss prevention and identity and access management.
- Experience in cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments.
- Network Operations background and/or Systems Engineering background.
- Expert experience in Visio documentation.
- Experience translating business requirements into security controls.
- Demonstrated experience assessing risk and developing security controls at a business-appropriate level.
- Experience estimating, justifying, and budgeting for roadmap initiatives.
Demonstrates Information Technology Competencies:
Business insight, Decision quality, Action oriented, Optimizes work processes, Ensures accountability, Collaborates, Communicates effectively, Instills trust
SKILLS:
- Strong analysis and process evaluation skills.
- Critical decision-making ability and experience.
- Ability to identify problems and resolve them collaboratively with internal teams and vendor partners.
- Ability to communicate clearly and compellingly to business staff, IT team and management.
- Strong customer service behavior and continuous quality improvement orientation.
- Able to develop and implement cyber security incident response process enforcement that is in alignment with an overall team strategy.
- Ability to effectively document operational processes and response procedures.
- Ability to maintain a high level of confidentiality.
- Excellent problem-solving skills.
- Excellent oral, written, and presentation communications skills.