Enterprise Security Architect - RH

Reyes Holdings
O'Hare, IL Full Time
POSTED ON 5/3/2023 CLOSED ON 5/16/2023

- Job ID #: 59451
- Position Type: Full Time
- Location: Rosemont, IL
- Shift: Shift 1 (Day)
- Department: Information Technology and Technical Support
- Education Required: Bachelor's Degree
- Experience Required: 7 - 10 Years
Position Description:
Position Summary:
The Enterprise Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
Position Responsibilities may include, but are not limited to:
- Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Develop security strategy plans and roadmaps based on sound enterprise architecture practices
- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
- Participate in application and infrastructure projects to provide security-planning advice
- Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, identity and access management (IAM), and endpoint protection
- Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
- Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
  - Software as a service (SaaS) providers
  - Platform as a service (PaaS) providers
  - Cloud/infrastructure as a service (IaaS) providers
  - Managed service providers (MSPs)
- Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assess the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the CISO and vendor management teams
- Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
- Coordinate with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems
- Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs
- Other projects or duties as assigned.
Position Requirements:
Required Skills and Experience:
- Bachelor's degree in computer science, information systems, cybersecurity, or a related field.
- 8 years direct, hands-on experience or strong working knowledge of:
  - Managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
  - Reviewing application code for security vulnerabilities
  - Vulnerability management tools
  - Methodologies to conduct threat-modeling exercises on new applications and services.
- Full-stack knowledge of IT infrastructure:
  - Applications
  - Databases
  - Operating systems - Windows, Unix and Linux
  - Hypervisors
  - IP networks - WAN and LAN
  - Storage networks - Fibre Channel, iSCSI and NAS
  - Backup networks and media
- Direct experience designing IAM technologies and services:
  - Active Directory
  - Lightweight Directory Access Protocol (LDAP)
  - Azure Active Directory
- Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  - Change management
  - Configuration management
  - Asset management
  - Incident management
  - Problem management
- Experience designing the deployment of applications and infrastructure into public cloud services.
- Strategic planning skills - Must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.
- Communication skills - Translate complex security-related matters into business terms that are readily understood by colleagues. Experience presenting analyses in person and in written formats.
- Financial analysis - Evaluate the financial costs of recommended technologies. Ability to quantify purchasing and licensing options, estimate labor costs for a given service or technology, and estimate the total cost of operation (TCO), the ROI, or the payback period for services or technologies replacing existing capabilities.
- Project management - Solid project management skills. Experience drafting project plans for security service and technology deployments and coordinating with stakeholders across the organization.
- This position must pass a post-offer background and drug test.
Preferred Skills and Experience:
- Master's Degree in computer science, information systems, cybersecurity, or a related field.
- Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
- The ideal candidate will maintain one or more of the following certifications:
  - ISC2's CISSP (https://www.isc2.org/cissp/default.aspx)
  - ISACA's CISM (http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx)
  - ISACA's CISA (http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx)
  - The Open Group's TOGAF (https://www.opengroup.org/togaf/cert/docs/faq.html)
  - SANS' GIAC (http://www.giac.org/certifications/categories)
- The ideal candidate will have documented experience with the following:
  - Regulations, Standards and Frameworks
    - Payment Card Industry Data Security Standard (PCI-DSS)
    - HIPAA-HITECH
    - Validated Systems (e.g., GAMP)
    - Sarbanes-Oxley
    - General Data Protection Regulation (GDPR)
    - Privacy Practices
    - ISO 27001/2
    - NIST Cybersecurity Framework (CSF)
    - ITAR
  - Industry, Market or Sector Experience
    - Food and/or beverage Distribution
    - Manufacturing
Physical Demands and Work Environment:
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Due to the nature of our business in regard to such things as delivery schedules, order inputs, selection, and Department of Transportation Hours of Service, overtime, attendance and punctuality are essential job functions. Should an individual in this classification not be able to adhere to this requirement due to a disability, they should contact their Human Resources department to see what, if any, reasonable accommodation may be made.
As an Equal Opportunity Employer, Reyes Holdings companies will recruit and select applicants for employment solely on the basis of their qualifications. Our Practices and Procedures, including those relating to wages, benefits, transfers, promotions, terminations and self-development opportunities, will be administered without regard to race, color, religion, sex, sexual orientation and gender identity, age, national origin, disability, or protected veteran status and all other classes protected by the Federal and State Government. Drug Free Employer.