Business Initiative/Purpose: This role is focused on security solution architecture. The CCS Solution Architects will support merger integration work across the DCIOs and LOBs.
Initial/Primary Project Names: Merger and Business integration work across multiple LOBs.
Project Team Size/Makeup: Multiple business partners
1. Lead the planning, creation and consulting of security architecture, and map to corporate policies and standards for all applicable platforms and environments to influence CIS and IT Services decision making.
2. Develop security specifications, requirements and architecture artifacts in compliance with corporate standards, laws and regulations for architecture adherence and performance guidelines.
3. Oversee efforts (e.g. proofs of concept) to measure and prove new technology value. Lead development of system security context and preliminary system security concept of operations and define baseline system security requirements in accordance with applicable regulations and standards.
4. Ensure that all acquired or developed security systems and security architectures integrate with enterprise security architecture.
5. Document reference architectures, patterns, templates and roadmaps.
6. Ensure security product lifecycles are managed proactively.
7. Create/maintain domain-specific strategies aligned with business drivers and higher-level strategies.
8. Document design specifications, installation instructions and other system security-related information.
9. Perform security reviews, identify gaps in security architecture and develop security risk management plans.
10. Exhibit a thorough understanding of existing and future CIS technology direction.
Job Requirements:
MUST HAVE - Skills/Prior Experience:
o The candidate must be a highly experienced subject matter expert with either deep specialization or comprehensive knowledge within a discipline that crosses multiple areas of specialization relative to Data Protection, IT Risk, Network Security, Application Security, Security Operations, and Identity and Access Management.
o Understanding of Security foundations and Standards such as hardening, least privilege, attack surface reduction, NIST SP800-series, NIST Cybersecurity Framework, FIPS 140-2, Common Criteria, FISMA/FedRAMP, ISO 27000, PCI-DSS, CIS Benchmarks, and similar.
o Applies in-depth and specialized expertise and/or a significant breadth of expertise in own professional discipline and other related disciplines. Interprets internal/external business challenges and recommends best practices to improve products, processes, or services.
o Applies a comprehensive understanding of how the organization operates to solve technical, operational, and business problems.
o Uses sophisticated analytical thought to exercise judgment and identify innovative solutions. Leads teams or projects with moderate resource requirements, risk, and complexity.
o Mentors less experienced teammates to build their own technical expertise. Impacts the achievement of client, operational, project, service, and risk management objectives.
o Works independently, with guidance in only the most complex and unusual situations.
o Experience with Agile Scrum (Daily Standup, Sprint Planning and Sprint Retrospective meetings).
Bachelor's Degree Required
PLUS/NICE TO HAVE - Skills/Prior Experience:
1. Bachelor's degree in Business, Management, Management Information Systems-related field, or equivalent education and related training
2. Eight years of progressively responsible security architecture experience in Information Security
3. Comprehensive experience in network security architecture, including design tools, methods and techniques, and the application of Defense-in-Depth principles; knowledge of network design processes, including understanding of security objectives, operational objectives and tradeoffs
4. Thorough knowledge of The Open Group Architecture Framework (TOGAF), including infrastructure, data, information security, applications, architectural concepts, and associated disciplines