Director, Security Solution Architect
1001 Frontier Rd. Bridgewater, NJ 08807
The Security Solution Architect plays an integral role in defining and assessing the organization's security strategy, architecture, and practices. The Security Solution Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
The Director, Security Solution Architect will be responsible globally for leading the organization’s security architecture, specifically focused on the development of visionary technical architecture, design, and implementation pattern standards of solutions that will securely enable our digital transformation & business.
In this role, the candidate sets the security architecture strategy and vision for the organization in partnership with the Information Security Group and other key technology leaders. The candidate will create the vision and be the evangelist of the strategy to assure it is socialized, understood, and instituted. This is a pivotal role that partners with other security, technology, business, and regional leads across the firm. The candidate defines and evolves the supporting security architecture globally via a collaborative model, while sourcing, leading, and presenting forward-thinking security capabilities.
We seek a results-driven leader who is passionate about applying program leadership, organizational discipline, and technology to transform the retail apparel industry. The Security Solution Architect must be a leader who will drive the security technology practice, oversee its governance, sponsor technical development and debate, and be the trusted partner and advisor to the Information Security Group leader, the global infrastructure team, and key business partners while driving adoption through cross-functional teams in multiple geographies. The candidate must have a strong understanding of the latest trends and how to incorporate relevant emerging technologies without creating extensive complexity.
PRIMARY RESPONSIBILITIES/ACCOUNTABILITIES OF THE JOB:
- Serve as a "trusted advisor" on security architecture and related technology questions to the Information Security & Global Infrastructure & Operations leaders. Partner as needed across the rest of the organization.
- Develop and maintain security architecture processes and patterns that enable the enterprise, and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
- Develop security strategy plans and roadmaps based on enterprise architecture practices.
- Develop and maintain security architecture artifacts (e.g., models, templates, standards, patterns, and procedures) that can be used to leverage security capabilities in projects and operations.
- Track developments and changes in the digital business and threat environments to ensure that they're addressed in security strategy plans and architecture artifacts.
- Participate in application and infrastructure projects to provide security-planning advice.
- Draft security procedures and standards to be reviewed and approved by the appropriate senior leaders.
- Partner/facilitate the development of baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
- Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data policies.
- Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the global command center (GCC).
- Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices.
- Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization).
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
- Review network segmentation to ensure least privilege for network access.
- Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls.
- Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team.
- Review security technologies, tools, and services to make recommendations to the broader security team for their use, based on security, financial and operational metrics.
- Liaise with other architects and security practitioners to share best practices and insights.
The Security Solution Architect liaises with important security and risk management constituencies. Specifically, the Security Solution Architect may be expected to work collaboratively with individuals or departments, including:
- Enterprise Architect
- Information Security Group leadership
- Global Infrastructure & Operations leadership
- SOC functional manager and SOC staff
- Project management office (PMO)
- Internal audit
- Application and information owners
- Finance team
QUALIFICATIONS & EXPERIENCE:
- Ten years or more experience in enterprise level security architecture and engineering.
- Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.
- Direct, hands-on experience or strong working knowledge of managing security elements such as firewalls, intrusion detection/prevention systems (IDS/IPS), web application firewalls (WAFs), endpoint protection, identity & access management, SIEM, encryption technology, data privacy laws (foreign and domestic), etc.
- Verifiable experience reviewing application code for security vulnerabilities.
- Direct, hands-on experience or a strong working knowledge of vulnerability management concepts and tools.
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
- Full-stack knowledge of IT infrastructure:
  - Operating systems — Windows, Unix and Linux
  - IP networks — WAN and LAN
  - Storage networks — Fiber channel, iSCSI and NAS
  - Backup networks and media
- Direct experience designing IAM technologies and services:
  - Active Directory / Azure Active Directory
  - Lightweight Directory Access Protocol (LDAP)
  - Amazon Web Service (AWS) IAM
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  - Change management
  - Configuration management
  - Asset management
  - Incident management
  - Problem management
- Experience designing the deployment of applications and infrastructure into public cloud services.
- Payment Card Industry Data Security Standard (PCI-DSS)
- General Data Protection Regulation (GDPR)
- Privacy Practices
- ISO 27001/2
- NIST Cybersecurity Framework (CSF)
- Bachelor’s Degree in Information Systems, Computer Science, Engineering, or other related fields required. SABSA (Sherwood Applied Business Security Architecture) or CISSP (Certified Information Systems Security Professional) certifications are preferred but not required.
- Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances. Alters standard procedures, when necessary, and multitasks when required.
- Business Acumen: Demonstrates an awareness of internal and external dynamics, and an acute perception of the dimensions of business issues. Conducts research and identifies, collects and analyzes information about markets, economies, technology trends and business operation issues to make informed decisions. Develops approaches and solutions that are clearly linked to the organizational strategies and goals for optimal performance.
- Conceptual Thinking: Synthesizes facts, theories, trends, inferences, and key issues and/or themes in complex and variable situations. Recognizes abstract patterns and relationships among apparently unrelated entities and situations. Applies appropriate concepts and theories in the development of principles, practices, techniques, tools, and solutions.
- Openness to Learning: Takes personal responsibility for personal growth. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization. Tries new approaches and broadens the scope of work to learn from work assignments.
- Strategic planning & organization skills — The Security Solution Architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers. Possess the ability to organize multiple high priority tasks, managing the delivery of positive outcomes.
- Communication skills — The Security Solution Architect will be required to translate complex security-related matters into business terms that are readily understood by colleagues. The Security Solution Architect should anticipate presenting analyses in person and in written formats.
- Financial analysis — As part of the due diligence of security technologies, the Security Solution Architect will be expected to evaluate the financial costs of recommended technologies. Specifically, the Security Solution Architect will need to quantify purchasing and licensing options, estimate labor costs for a given service or technology, and estimate the total cost of operation (TCO), the ROI, or the payback period for services or technologies replacing existing capabilities.
- Project management — Security services and technology implementations will require solid project management skills. The Security Solution Architect will be expected to draft project plans for security service and technology deployments and coordinate with stakeholders across the organization.