This role will work remotely from either Chicago, IL, Dallas, TX or Nashville, TN. This position requires a blend of technical expertise, strategic thinking, and leadership skills to effectively secure enterprise environments. This role is ideal for an experienced Cybersecurity professional who can:
- Leads and performs analysis/design tasks to support the implementation and optimization of security solutions
- Ensures solutions meet business needs and align with architectural governance and security standards
- Promotes security requirements and objectives with stakeholders across network, infrastructure, app dev and operations domains, while ensuring security architecture and practices don't impose on business needs
- Creates and maintains a security architecture process that allows the enterprise to develop and implement security solutions and capabilities aligned with business, technology, and threat drivers
- Creates and maintains security architecture artifacts (models, templates, standards, and procedures) that can be leveraged in projects and operations
- Drafts security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the CISO
- Conducts or facilitates threat modeling of services and applications that tie to the risk and data associated with the service or application
- Works with DevOps teams to promote secure coding practices and escalates concerns related to poor coding practices to the CISO or the person responsible for overall security direction
- Works with the privacy officer to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommends controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.)
- Defines the principles, guidelines, standards, and solution patterns to ensure solution decisions are aligned with the enterprise's future-state security architecture vision
- Facilitates the evaluation and selection of cybersecurity product standards and services
- Identifies the organizational impact (e.g., on skills, processes, structures, or culture) and financial impact of the security architecture
- Liaises with the vendor management team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property, PII, ePHI, regulated or other protected data
- Liaises with the internal audit team to review and evaluate the design and operational effectiveness of security-related controls
- Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, or a similar discipline.
- Experience: A minimum of seven years in designing and deploying security solutions across various areas, such as infrastructure, networks, application security, and data protection.
- Security Infrastructure: Proficiency with firewalls, IPS, WAF, endpoint protection, SIEM, and log management.
- Vulnerability Management and Application Security: Practical experience with vulnerability management tools and application security reviews.
- Threat Modeling: Knowledge of threat modeling methodologies for new applications and services.
- Full-Stack IT Knowledge: Understanding of applications, databases, operating systems (Windows, Linux, UNIX), networking, storage, and backup systems.
- Architecture Methodologies: Familiarity with architecture methodologies such as SABSA, Zachman, and TOGAF.
- Cloud Security: Experience with cloud security in AWS and Azure.
- IT Service Management: Understanding of IT service management (ITIL: change/configuration/incident/problem/asset management).
- Compliance: Expertise with compliance standards including NIST, ISO 27001/27002, SOC2, HIPAA, and FISMA.
- Organizational Skills: Strong analytical, planning, and organizational skills.
- Communication: Excellent communication skills and the ability to clearly explain complex security concepts to both technical and non-technical audiences.
- Influencing Skills: Ability to navigate organizational politics and influence stakeholders.
#LI-JC2
