Information Security Architect
If you're interested, please send your resume to firstname.lastname@example.org
The Security Architect is responsible for providing technical thought leadership for enterprise security architecture and implementations. This person acts as a collaborative liaison between multiple groups (e.g. Enterprise Architecture, Information Security, other functional areas) to provide a risk-based and solution-focused perspective on technical security matters. This person will be a skilled communicator who is able to accurately portray genuine security risk while also defining specific remediation steps that are consistent with the Lowe’s business model. The Security Architect will have high-level technical skills coupled with an ability to effectively communicate specific business solutions while building consensus on security decisions. This role is action- and solution-oriented, with an emphasis on architecting security solutions that enable the corporation to meet business goals.
• Work with Enterprise Architecture peers, domain level design authorities and subject matter experts to:
o Develop and validate coordinated security architecture strategies
o Create and evolve coordinated security technology roadmaps
o Establish and govern security architecture standards
o Document and evangelize reusable security architecture patterns
• Work with Information Security, Enterprise Architecture, and other groups for the development, delivery, and management of a comprehensive information security program.
• Provide forward-looking and business-focused input on ensuring that corporate systems and processes meet appropriate security requirements.
• Provide solutions-based technical and security leadership that not only identifies risks but also provides clear and workable remediation activities to support corporate goals.
• Work collaboratively with functional and project teams providing input, recommendations and specifications in order to ensure that implementations are designed to comply with corporate security policy, standards and industry best practices. This requires a very high level of consensus-building and communications skills.
• Work with Lowe’s Solution and Infrastructure Architects to define and document information security solution architectures
• Provide feedback across multiple centers of excellence on matters dealing with information security. This will require both (1) broad technical knowledge and (2) the ability to garner internal and external subject matter experts on particular technologies.
• Keep current on industry trends, the latest security technology and the direction our security-related vendors are taking their products
• Coordinate technical design/review activities with application development, enterprise architecture, information security, systems, network, database, and other groups to develop secure frameworks and enterprise applications.
• Participate in Technical Architecture Review Board
Required skills, abilities, and certifications
• 8+ years in security architecture for large enterprises.
• Very strong collaboration and leadership skills.
• Experience mentoring solution delivery teams in Lowe’s security practices.
• Ability to conceptualize security architecture and rationalize security controls.
• Thorough knowledge and the ability to understand the application of PCI and SOX compliance standards to retail situations.
• Experience in writing security architecture standards, policies and procedures
• Strong background in computer/network security, authentication/authorization, application security protocols, cryptography, and key management
• Experience with software and security architectures and evaluation and development of approaches to solutions.
• Experience in threat modeling, risk assessments, application and network vulnerability assessments
Recommended skills, abilities, and certifications
• CISSP strongly encouraged
• Relevant experience with security related industry standards and practices such as guidance from DISA STIGs, OWASP, NIST (800 series), and Cigital (BSIMM)
• Working knowledge of TOGAF and other architecture methodologies.
• Firewall, router, switch administration experience