The IT Security Architect is the subject matter expert on information security responsible for ensuring MBUSA’s Information Security.
- Perform and review technical security assessments of computing environments and applications to identify points of vulnerability and non-compliance with established information security standards, and recommend mitigation strategies.
- Validate and verify system security requirements definitions and analyze and establish system security designs.
- Provide expert-level consultation and technical services on all aspects of Information Security.
- Apply leading-edge principles, theories, and concepts to the development, maintenance, and implementation of information security standards, procedures, and guidelines.
- Provide high-level technical leadership focused on complex information security architecture and cloud architectures.
- Facilitate and manage security vulnerability assessments and penetration tests.
- Plan and oversee configuration changes for major security infrastructure platforms.
- Develop, implement, and document formal security programs and policies throughout the program and monitor compliance with these policies and programs.
- Represent the program’s technical security interests with partners, suppliers, industry associations, and government entities to ensure the bi-directional flow of technical information and best practices in information security.
- Support cloud implementations and internet-facing projects by providing security consultations and architecture reviews throughout the project lifecycle.
- Work with the data center operations team to ensure operational setup, patching, password management, and security logging are in accordance with corporate security standards.
  - Ensure all system incidents are logged and have root causes defined. Report on incidents on a monthly basis to ensure learning from past incidents occurs.
- Assist in the delivery of Information Security management-related training and informational sessions to IT and Business Unit leaders.
  - Gain a reputation for influencing a culture of robust information security standards consistent with Daimler standards.
  - Schedule, prepare and conduct a regular Local Information Security Forum at MBUSA.
  - Organize and support security assessments. Ensure new corporate security requirements are communicated to all affected parties including employees, contractors and other external users or partners.
  - Conduct specialized security training for groups such as, but not limited to, associates dealing with personal data, developers and administrators.
  - Assist with regular awareness programs on relevant security topics.
- Assist in continuously improving the Information Security Program at MBUSA.
  - Assist with the communication and implementation of global process and tool changes to ensure that changes are successfully adopted.
  - Adapt local procedures where necessary to comply with global standards.
  - Implement the defined process to solicit regular feedback from project leaders and IT management on security management standards and tools to determine knowledge gaps requiring future training, as well as the need for additional supporting tools to assist application managers in successfully developing their applications.
- Act as the IT department coordinator for compliance and audit-related tasks and projects.
  - Ensure early and ongoing participation in the project definition phase to ensure all financial compliance requirements are included.
  - Coordinate other audits performed in the IT area, e.g. Corporate Audits, internal assessments, ISO audits, etc. Support onsite field visits from auditors.
  - Coordinate the performance of self-audits to validate the adequacy of remediation steps taken, including tracking of open audit items, preparation of audit documentation, confirmation letters, etc.
  - Coordinate efforts regarding awareness & training, including creating presentation materials, e-mail notifications, etc.
Bachelor’s Degree (accredited school) or equivalent work experience with emphasis in:
- Engineering
- Computer/Information Science
- Information Technology
- Project Management and/or Process Improvement focus
Licenses / Certifications:
- CISSP certification is required.
Must have 8+ years (total) of experience in the following:
Accounting - Knowledge of internal controls, recording and reporting of financial transactions, including the origination of the transaction, its recognition, processing, and summarization in the financial statements.
Administration - Knowledge of administrative procedures, process/project development, and system procedures.
Business - General - Knowledge of fundamental business practices and concepts that impact the success and profitability of the organization.
Education - Knowledge of principles and methods for curriculum and training design, including adult learning theory, teaching and instruction for individuals and groups, and the measurement of training effects.
Processing - Knowledge of processes, quality control, costs, and other techniques in order to achieve maximum efficiency.
Quality Assurance - Knowledge of accounting standards, statistical analysis, precision measurement, and process capability.
Cloud Security - Knowledge of fundamental cloud design best practices and security concepts.