Responsibilities
- Manage and administer corporate server infrastructure, cloud computing platforms, and enterprise applications.
- Develop system and service architecture documentation for new technologies and applications.
- Implement comprehensive monitoring and alerting strategies built around key performance and health indicators using tools such as Apica and SolarWinds.
- Collaborate actively with the Chief Architect and the architecture team in the Agile software development process as a security subject matter expert, to ensure that the product architecture conforms with all company security policies and security best practices, and that all software developed by the company meets all security audit, compliance, and control requirements.
- Lead internal initiatives that result in highly available, redundant, resilient systems and services.
- Ensure creation, validation and execution of clearly defined and executable information security policies, standards, and procedures with appropriate governance to ensure ground level adoption.
- Build tools to automate processes and operate production systems including user access provisioning.
- Administer a variety of SaaS applications, including Okta, O365, GSuite, and Atlassian, to name a few.
- Communicate clearly with peers as well as management and provide technical leadership to more junior team members.
- Strive to achieve resolution of all interactions on first touch whenever possible while proactively and conscientiously balancing competing demands in a fast-paced environment.
- Collaborate actively with the architects, functional leads, quality, support and corporate communication organizations to architect, develop and rollout solutions in a timely and efficient manner.
- Work directly with business units and other internal departments and organizations to facilitate IS risk analysis and risk management processes, identify acceptable levels of residual risk, establish roles and responsibilities related to information classification and protection, and to ensure that other managers are taking effective remediation steps.
Qualifications
- A bachelor’s degree in information systems, engineering or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
- Candidates with certifications from ISC2, SANS, ISACA, or another recognized security professional credentialing organization are preferred.
- 5-7 years of experience in security roles with increasing responsibility and business-leadership exposure. Previous roles may include information security analyst, application security or penetration testing, network-related security roles (firewall, intrusion detection, data loss prevention), or audit/compliance such as working to maintain SOX, PCI, and/or HIPAA compliance.
- 8-10 years of experience in an enterprise technology environment, ideally with customer-facing systems and services. Numerous roles are applicable – operations, application development, networking, systems and infrastructure architecture, or other as applicable.
- Strong infrastructure security skills including IDS/IPS, firewall, SIEM, server and OS hardening, malware detection, physical security, transport and at-rest encryption on file systems, DB, and other data persistence mechanisms.
- Previous experience in strategic planning and associated processes for budgeting and portfolio decision-making for business or technology goals is required. The ability to distill requirements from non-technical staff and working relations, build roadmaps, and prioritize over time is also required.
- Experience driving SOX/PCI compliance audit initiatives with internal and external auditors.
- Excellent written and verbal communication skills, including the ability to effectively communicate security- and risk-related concepts to technical and nontechnical audiences, and strong interpersonal and collaborative skills.
- High level of personal integrity, with the ability to handle confidential and otherwise sensitive matters professionally and with the appropriate level of judgment and maturity.
- Demonstrated experience in executing/delivering cross functional projects in a dynamic, fast-paced matrixed environment with a sophisticated ability to balance between security strategies and other priorities at the organizational level.