Description Summary:
The ideal candidate will have a deep understanding of information security principles, architecture, and best practices. This role involves designing, implementing, and maintaining robust security solutions to protect our organization’s information assets. It will also involve articulating security concepts to non-technical stakeholders and influencing decision-making within upper-level management.
Essential Duties:
The duties listed below are the essential functions of this position, and they may change as the needs of the company demand. All associates are expected to do what is necessary to get the work done and to cooperate fully with their supervisor’s requests for additional or altered duties.
- Develop and maintain comprehensive security architecture and frameworks tailored to the company’s software development processes and infrastructure.
- Conduct regular risk assessments and vulnerability analyses to identify potential security threats and implement mitigation strategies.
- Design and oversee the implementation of security controls, such as firewalls, intrusion detection/prevention systems, and encryption technologies.
- Collaborate with IT and business teams to integrate security into all aspects of the organization’s operations.
- Collaborate with the development team to analyze application security practices, establish secure coding guidelines, and conduct regular code reviews.
- Monitor and lead the response to security incidents and breaches, conducting thorough investigations and implementing corrective actions.
- Stay updated with the latest security trends, threats, and technologies, and recommend improvements to enhance the company’s security posture.
- Provide guidance and mentorship to junior security team members and promote a culture of security awareness within the organization.
- Ensure compliance with relevant security standards and regulations, such as ISO 27001, NIST, and GDPR.
- Work closely with software developers, IT teams, and other stakeholders to integrate security into all stages of the software development lifecycle.
- Other duties as assigned.
Education/Training/Experience:
- Bachelor’s degree in Computer Science, Information Technology, or a related field required. A Master’s degree is preferred.
- Minimum of 7-10 years of experience in information security, with at least 5 years in a senior or architect role required.
- Strong knowledge of security frameworks and standards such as NIST, ISO 27001, and CIS Controls required.
- Proficiency in security technologies and tools, including firewalls, intrusion detection/prevention systems, encryption, and identity management required.
- Proficiency with documentation tools and software, such as Adobe FrameMaker, Microsoft Word, Visio, and content management systems preferred.
- Meticulous attention to detail to ensure accuracy and consistency in documentation preferred.
- Experience with cloud security (AWS, Azure, Google Cloud) and securing hybrid environments required.
- Familiarity with the Palo Alto Networks security ecosystem preferred.
- Excellent problem-solving and analytical skills required.
- Ability to adapt quickly to changing technologies and requirements preferred.
- Strong communication and interpersonal skills, with the ability to work effectively with cross-functional teams required.
- Relevant certifications such as CISSP, CISM, or TOGAF preferred.
Physical Requirements:
- Ability to sit and/or stand for extended periods.
- Ability to perform work on a computer for extended periods.
- Ability to work in the office regularly, or pivot to working at home should emergency situations arise.
- Ability to attend work per assigned schedule and attend meetings with excellent attendance and punctuality.
- Ability to bend and lift 25 lbs.