As VF Corporation continues to develop and mature its global information security program, we recognize the value of a formal information security architecture process as one of the key enablers of such a program. It is the planning process that provides the models, templates, principles, policies and standards that are used to design, implement and operate information technology solutions that deliver business value while being secure by design. This architecture role will ensure policies, procedures and standards can be implemented, enforced, measured and continually updated and aligned as business needs change.
The role of the information security architect demands business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction.
Roles and Responsibilities
- Works closely with IT architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Works closely with IT and Business Architects to ensure policies, procedures and standards can be implemented effectively based on the technical solutions deployed at VF.
- Develops the process to create, review, approve and track information security policies, procedures and standards, and the exception processing to account for solutions that cannot align with policies and standards.
- Develops the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
- Serves as a efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Contributes to the alignment of security governance with IT architecture governance and project and portfolio management (PMO).
- Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
- Contributes to the development and maintenance of the information security strategy.
- Evaluates and develops secure solutions, based on approved security architectures. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
- Communicates security risks and solutions to business partners and IT staff.
- Develops the overall Information Security Awareness and Training strategy to ensure policies, procedures, standards, and information security threats are understood by the organization at large.
Education and Qualifications
- A bachelor's or master's degree in computer science, information systems or other related field; or equivalent work experience.
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
- Formal training in a relevant enterprise architecture methodology is preferred (for example, the Zachman Framework or TOGAF).
- Seven to 10 years of combined IT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments.
- Expert knowledge of security issues, techniques and implications across all existing computer platforms.
- Experience developing information security policies, procedures and standards and ensuring compliance across the enterprise.
- Experience in using an enterprise architecture methodology (for example, Zachman, TOGAF and Gartner frameworks).
- A foundational knowledge of information security related standards like PCI.
- Proven ability in security process and organizational design.
- This is an expert/lead technical role. It defines the information security architecture and design for the enterprise along with the policies, procedures and standards needed to deliver the architecture in a consistent manner.
- This person works on multiple projects as a project leader or as the subject matter expert.
- The role is involved in projects, risk assessments (vendors, technology) or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.
- Coaching and mentoring of more-junior technical staff will be required.
- Strong conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
- Ability to work well under minimal supervision.
- Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
- Demonstrable written and verbal communication skills.