Job Title: Enterprise Security Architect
Job Function: Information Systems
Department: IT Americas, IT Security
Location: Berkeley Heights, New Jersey - approx. 80% and New York City, NY - approx. 20%
The responsibilities of this position include helping develop, maintain, and evolve the enterprise security architecture framework, and delivering enterprise security architecture services and solutions that address current and emerging security and compliance needs of the business. Serving as a senior-level advisor contributing to the Enterprise Architecture team, you will be expected to:
- Ensure security and compliance considerations are represented in future state architecture decisions.
- Act as key strategic security advisor to IT Strategy and Governance team, and other key stakeholders regarding Technology and IT Security best practices and trends.
- Provide architectural deliverables that may be leveraged across the Enterprise Architecture domains;
- architecting and providing technical oversight of technical security service solutions that will be used throughout the enterprise
- help the business comply with security and compliance control objectives and standards
- contribute to the risk management strategy through analysis and understanding of shifts and trends in the business, regulatory/legal/industry compliance space, technology landscape, risk management practices, and threats and attack patterns.
ESSENTIAL DUTIES AND JOB RESPONSIBILITIES
Reporting to the CISO, the Enterprise Security Architect is in charge of ensuring the security of our cloud, mobile, on-premises and Industrial IoT assets. This is a leadership role where you will define the overall security strategy and leverage extensive knowledge of cloud and mobile security to lead the implementation of security controls that keep all of our users and data secure and compliant. You will be the primary lead for infrastructure, operating system, network, middleware and application security architecture definition and change, reflecting security policy, controls and procedures, as well as operational objectives.
The key responsibilities of the role are as follows:
- Defining, implementing, and maintaining enterprise security architecture standards and processes across access management, threat management, data protection, cryptography, disaster recovery, software systems, and risk management domains.
- Defining, implementing, and maintaining enterprise-wide Identity and Access Management (IAM) standards.
- Defining, implementing, and maintaining network security standards.
- Supporting IT risk assessments on security, infrastructure, application development and application configuration.
- Experience in defining Secure Software Development Lifecycle development requirements and methodologies.
- Researches, designs and promotes new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
- Directly contributes to the maintenance and improvement of the information security strategy and risk management objectives.
- Measures the effectiveness of current security architectures and drives process improvement into the program.
- Supports IT Security policy development and implementation.
- Work collaboratively with IT Infrastructure, Operations, Network, Applications, Digital IT and Client Services teams to develop Security Architecture framework and standards
- Evangelizes security and risk management across the enterprise.
Education & Experience Requirements
(Minimum number of years experience, skills, certification and academic background required to perform this job.)
- Bachelor’s degree in Computer Science, Information Security and Risk Management, Information Systems, Engineering or related experience; Master’s degree in information/computer science, computer engineering or a technology-related field preferred.
- CISSP, applicable GIAC, Open CA, CCNA, GSEC, MCSA certifications preferred
- 12+ years of relevant work experience, including consulting and general industry experience
- 10+ years of experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, and PCI DSS
- Minimum 10 years demonstrated experience in Security Architecture, Information Security and Infrastructure Risk Management across a global organization.
- Minimum 7 years’ experience in an IT operations role with experience managing and delivering security projects.
- Demonstrated experience in planning, developing and architecting end-to-end IT security solutions covering infrastructure, operating system, network, applications, middleware, public/private cloud, database, security dashboard and reporting technologies/solutions
- Experience in Cloud, IaaS and PaaS Architecture design and implementation a strong plus
- Experience in Federation Protocols (OAuth, SAML, OpenID), and Single Sign On (SSO) models a strong plus
- Sound understanding of IAM relevant technical security solutions such as Azure AD, AWS IAM, Salesforce Identity, SailPoint, Okta or other best in class IAM solutions.
- Understanding of malware, ransomware, emerging threats, attacks, and vulnerability management.
- Ability to work in a fast-paced, high performing team environment.
- Ability to prioritize and manage work to critical project timelines in a fast-paced environment, understanding of project management principles.
- Ability to develop effective/efficient IT security solutions and methods to address complex security challenges and issues.
- Excellent analytical thinking, interpersonal, oral and written communication skills with strong ability to influence both IT and business partners.
PERSONAL ATTRIBUTES REQUIRED
- An influential leader with sound knowledge of business management
- Working knowledge of information security technologies
- Proven ability to assess risks and controls and to identify solutions to reduce risk
- The ability to collaborate across the organization with other teams, such as system operations, infrastructure, auditors and business users.
- Ability to design, evaluate and document processes and lead teams in accomplishing process review and improvement.
Communication & Management Skills
- Ability to conduct governance, risk and compliance sessions
- Excellent written and verbal communications skills.
- Ability to give feedback on governance, risk and compliance issues in a structured manner
- Demonstrated initiative and commitment for results and the ability to set priorities and manage multiple initiatives.
- Ability to adjust to changing priorities while multitasking effectively.
- Time Management
- Solid work ethic with attention to detail
- Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach, and a suitable ability to anticipate and manage project life cycle events, issues and obstacles.
- Able to identify and document specific governance and compliance issues, propose resolution options, and interpret matters from the perspective of involved stakeholders.
- Consulting skills (client service orientation, conflict resolution, analysis/synthesis of information, negotiation, project management, presentation etc.)
- Negotiation skills needed to obtain commitments to remediate risks from leadership of other teams.
- Ability to work on own initiative.
We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status.