PURPOSE OF THE JOB
The Identity Security Architect is a critical member of the Owens Corning Information Security team. This team has global responsibility for ensuring the appropriate security processes, policies, and technologies are in place to support Owens Corning's business goals and objectives.
Aligned with OC's enterprise growth initiatives and strategies, the Security Architect is a key role in driving Owens Corning's security strategy and securely enabling the business to take advantage of new technologies. Primary responsibilities of this role are to provide consultative guidance on new technology initiatives and projects, develop actionable recommendations, define security requirements and recommendations, evaluate risks and develop mitigations, and deliver security tools and processes to enable the business.
A successful candidate will have specific knowledge in identity and access management platforms and concepts as well as a broad IT technology background to manage security concerns with IT infrastructure, cloud, and applications. The ideal candidate will demonstrate the ability to connect and build trust with stakeholders, deliver commitments, and drives results.
Reports to: Director of Security Operations and Architecture
Span of Control: Individual Contributor; indirect leadership of partners and project teams
JOB RESPONSIBILITIES
Knowing Our Businesses and their Strategies
- Build relationships within the GIS organization, cross-functionally, and with key stakeholders; ensure effective communication to remain aligned with functional objectives.
- Understand the strategic direction of the company's businesses; develop and execute functional strategies to support and enhance business results and be knowledgeable of the project work that supports this direction and implications to the business.
- Know what best-in-class GIS organizations do and obtain outside-in market insights to understand and then apply to positively impact Owens Corning
- Consult on IT and business projects to ensure security risks are identified, prioritized, and managed appropriately
Executing Strategy
- Design and Implementation: Develop, implement, and maintain identity security architectures for both traditional IT and cloud environments.
- Identity and Security Frameworks: Create and update security frameworks and roadmaps to address evolving threats, enable new capabilities, and enable zero trust.
- Risk Assessment: Conduct project-based risk analysis across on-premises and cloud systems and recommend mitigation strategies.
- Identity Security: Define, plan and consult on identity security standards and solutions, such as cloud and hybrid identity platforms, internal and external identity management, privileged identity management, identity governance multifactor authentication and conditional access.
- Standards and Compliance: Develop and deploy. security standards and procedures to ensure compliance with regulatory requirements and industry best practices.
- Stakeholder Collaboration: Advise stakeholders on security requirements for new initiatives, review proposed changes, and recommend secure solutions for business objectives. Partner with internal governance, operations teams as well as external HR and business application stakeholders
- Security Reviews: Evaluate third-party software, services, and integrations for security risks, especially in cloud-based solutions.
- Continuous Improvement: Stay current with emerging technologies and threats and drive ongoing improvements in security architecture and awareness programs.
- Documentation: Maintain thorough documentation of security architectures, processes, and controls for both on-premises and cloud systems.
Leading and Developing Talent
- Develop depth and breadth of key skills within direct team to meet business needs.
- Mentor high potential talent within Owens Corning.
Leading in the Function
- Inspires teamwork across GIS functions and regions to maximize the performance of Owens Corning and the development of people.
- Is regarded by the employees of Owens Corning as a role model for their growth, development, and conduct.
- Provides thought leadership, sets vision, and communicates strategy for the development of people.
JOB REQUIREMENTS
MINIMUM QUALIFICATIONS:
- 5 - 7+ years of information technology experience, with a BA or BS degree in computer science, MIS, or equivalent preferred
- 5+ years of cyber security experience
- Strong working knowledge of modern authentication and authorization standards (SAML, OAuth, OIDC)
- Knowledge of security frameworks such as ISO 27001 and NIST CSF
- Working knowledge of global security requirements and regulations such as SOX, GDPR, CCPA, and HIPAA
- Competence in project management theory, knowledge, skills, tools and techniques
- The ability to build trust, connections, and influence stakeholders
- Strong overall IT and security knowledge in multiple domains to understand technical risks: networking, servers, cloud infrastructure
- Experience with identity security platforms and technologies and standards that enable secure enablement of business initiatives including single sign-on, privileged access, remote access, and identity governance
PREFERRED EXPERIENCE:- Industry certifications such as CISSP, CISM, or CISA
- Leading global projects
- Experience within a manufacturing company
- Experience working with and managing outsourced security service providers
- Understanding of identity security for APIs, integrations, and data flows, including token lifecycle management.
- Experience integrating identity solutions with major cloud providers and SaaS platforms and business applications.
KNOWLEDGE, SKILLS & ABILITIES:
- Risk management concepts
- The ability to synthesize high level objectives with an ambiguous environment to align on a direction with clear objectives and goals
- Curiosity about new technologies
- Effective verbal and written communication skills with engaging presentation abilities
- The ability to build trust, connections, collaborate, and influence stakeholders
- Operates effectively in a matrix environment
- Thinks and acts on a global scale
- Proactive leader and worker with continuous learning and growth mindset
- Ability to challenge the status-quo and continuously striving for excellence
- Demonstrated experience working with maintaining security integrity for the corporation, employees, and shareholders
- Demonstrated extraordinary business and interpersonal judgment
- The ability to execute and deliver results
- Proven agility and organizational skills to handle multiple priorities
- Strong business acumen
- Ability to travel, domestically and internationally, approximately 20%
