Position Summary

The Manager of Information Security Architecture and Engineering serves as team leader and mentor, defining and driving goals and performance for the security team, especially in the areas of engineering and architecture.
- Mentor and guide Architects, Engineers and Analysts and perform knowledge transfer to other teams as required
- Responsible for Architects, Engineers and Analysts, administration of secure SDLC & Architecture and remediation procedures, workflows, and tasks.
- Holistic risk-based cybersecurity management with a focus in architecture and engineering.
- Drive and conduct Architectural Reviews, Secure Design Reviews, Risk Assessments and Threat Assessments.
- Provide cybersecurity expertise on large and complex projects
- Cybersecurity Portfolio Management
- Advise on solution execution throughout development cycle
- Be a leader in the expansion and growth of the Security Function within the clients’ environments.
- Drive integration of new products and services.
- Ensure that Standard Operating Procedures are being created and followed by the team.
- Identify opportunities to improve security and operational tasks.
- Evaluate existing conditions & processes within security and adapt to meet the business requirements.
- Work with outside teams in the development of a comprehensive set of operational security policies and standards designed to permit the organization to achieve its business objectives while effectively managing our security and compliance requirements of meeting PCI and SOX goals.
- Work with all levels of stakeholders in the creation of new operational processes and procedures.
- Bachelor's degree preferred.
- 5-7 years working within the information security field, with emphasis on Architecture and Engineering.
- 2 years managing a security program and people functioning in an information security enterprise environment.
- Experience designing and building security architecture and engineering environments on an enterprise level.
- Experience with secure architecture principles, secure SDLC, security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.).
- Knowledge and practical application of common Industry Standards (ISO27001/2, NIST, COBIT, CIS, DISA, FIPS) and Industry Regulatory Standards such as SOX, PCI, GDPR.
- One or more of the following certifications or a willingness to acquire certifications within 6 months: CISSP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP, CSSLP, CCSP, CAP, CISA, CISM, CRISC, GSLC, and GISCP. Other industry certifications will be taken into consideration.
- In-depth familiarity with security policies based on industry standards and best practices.
- Working knowledge of a broad range of security technologies.
- Great customer service skills.
- Advanced technical writing skills.
- Ability to lead and communicate efficiently within a team environment.