Description

MINIMUM EDUCATION:

  • Bachelor’s Degree or equivalent education in Computer Science, Information Systems, Information Security or other Information Technology-related field.
  • CISSP or CCSP certification
  • Additional certifications (CISA, CISM)

MINIMUM EXPERIENCE:

  • 7-10 years related experience in technical security architecture and engineering function, including hands-on experience in:
    • Secure Systems architecture & design
    • Secure application development practices, DevOps, & SDLC
    • GDPR, CCPA, NIST 800-53, NIST 800-171, NIST CSF, OWASP, & PCI DSS Controls
    • Secure cloud architecture deployments, Azure & AWS
    • Agile, waterfall, & hybrid project methodology
  • Demonstrable experience in architecture and engineering principles (e.g. SABSA, TOGAF)
  • Demonstrated experience in implementing and managing at least 9 of the following security defenses:
    • Web filtering technology
    • Network intrusion defense systems
    • Intrusion prevention systems
    • Endpoint monitoring
    • Data loss prevention
    • Penetration testing
    • Firewalls
    • WAF
    • Vulnerability scanning tools
    • Security Information and Event Management
    • Network taps, traffic aggregators and filters
    • Forensic investigations and relevant tools
    • Policies, standards, procedures and other forms of documentation
    • Identity management tools, AD, LDAP, web front end and virtualization
    • Application code vulnerability scanning (dynamic & static) and application security
    • Cloud architecture, security controls, secure configuration, and deployment
    • User security training and awareness
  • Expert-level knowledge of security principles and technologies
  • Experience with security automation and orchestration
  • Experience with CI/CD pipelines and secure DevOps
  • A sound understanding of emerging threats and industry trends

KNOWLEDGE, SKILLS, ABILITIES

  • Provide technical security architecture guidance and oversight to ensure increased security architecture maturity
  • Articulate issues, risks, and proposed solutions to various levels of staff and management
  • Contribute to the development of the security strategy, policy and service delivery objectives and best practices for the design and delivery of security architecture services
  • Develop processes, standards, guidelines and policies for the implementation and maintenance of security architecture principles within projects
  • Manage multiple enterprise-wide programs simultaneously
  • Proficient knowledge of the organization’s mission, values and strategic goals and how they apply to the work
  • Expected to present information in writing, email, PowerPoint and other forms of documentation.
  • Expected to work with employees from all areas of IT and maintain a good working relationship with them.
  • Proficient in interacting with multiple levels and roles within the organization, with the ability to apply different strategies to convince others to change their opinions or plans.
  • Regularly report to the Director Security architecture and CISO office using KPIs and other metrics to clearly reflect accomplishments and progress over time
  • Demonstrate process-oriented approach with high attention to detail
  • Excellent critical-thinking and organizational skills
  • Proficient interpersonal skills with the ability to interact professionally with all levels within the organization
  • Ability to work successfully with a diverse set of individuals and constituencies, and to be adept at advocating for, recommending and building consensus around suggested improvements
  • Ability to work creatively and analytically with others in a problem-solving environment
  • Ability to think both strategically and tactically in a high energy, fast paced environment
  • Ability to exercise sound judgement, problem solve, and make decisions in complex situations
  • Ability to communicate verbally and in writing within all areas and at all levels of the organization

Education

Bachelor's degree