• Assess client and Gainwell Identity and Access Management (IAM) environments, including directory services, identity governance and administration systems
• Identity provider systems, system architectures, and interdependencies (IAM and non-IAM)
• Identify gaps and opportunities for improvement
• Assess business needs and opportunities that impact or are dependent on IAM-related systems
• Participate in IAM business strategy creation, such as value proposition development
• Create business and technical solution requirements, solution architectures, and system specifications
• Work at an enterprise level in support of requirements to simplify, modernize, integrate, and/or federate
• Apply IAM product-specific and/or domain-specific expertise during assessments and client conversations, such as pros and cons of different solution sets, and technical interdependencies between new and existing systems
• Support solution development activities led by others, providing estimates for people, process, and technologies
• Maintain awareness of the industry IAM landscape, including emerging technologies, supplier competition, and general client needs and preferences

Skills: IAM Assessment, Directory Services, Identity Governance, Solution Architecture, System Integration, Business Analysis, Technical Specification, Product Knowledge

• Architect and design security solutions that enforce security consistently across internally developed, commercial-off-the-shelf and cloud-based applications
• Perform security architecture reviews
• Act as a subject matter expert to interpret the results from vulnerability scans (dynamic testing and static code analysis) and work with developers to remediate the vulnerabilities
• Monitor and triage vulnerabilities reported by vendors and researchers
• Develop and document the current state and target security architecture documentation, utilizing industry standards combined with threat modeling and risk-based methodologies
• Develop and document security patterns that articulate repeatable, architecturally compliant implementation patterns for applications, cloud services and core security controls e.g., S3, encryption, and identity management
• Conduct penetration testing of internally developed applications
• Evangelize application security and secure development practices
• Evaluate/apply new and emerging security technologies and solutions to keep Lending Club secure
• Lead the development of architecture frameworks, principles and capability models, principles and standards
• Ensure the inclusion of compliance requirements in key developments through the development of standards and NFRs
• Working with project managers and the PMO function to provide technical solution architecture support for ongoing projects
• Ensure security architecture is represented and principles enforced through the existing governance forums - TDA
• Contribute to the ongoing development of information security policy, standards and guidance
• Work within the Architecture team to improve standing processes and procedures
• Remain current with technology trends and product development by working with suppliers and industry forums

Skills: Security Architecture, Vulnerability Analysis, Threat Modeling, Security Patterns, Penetration Testing, Application Security, Compliance Standards, Technical Support

• Communicate complex security architectural concepts and principles to technical and non-technical audiences
• Work cross-departmentally to develop meaningful reference architectures that support and align with product teams, system capabilities, and technology strategies, roadmaps, and goals
• Support change and identify major areas of technology infrastructure development and anticipate future information security requirements for enterprise systems
• Help develop strategic plans, technology roadmaps, and solution designs
• Maintain the risk management program and work with product owners to perform routine risk assessments
• Maintain the risk register and risk treatment plan and communicate the status of risks to the Risk Council and stakeholders
• Work with product owners and external suppliers to drive risk remediations
• Integrate information security into the project intake process
• Perform risk assessments at the beginning of each project to ensure information security risks are identified and addressed as part of the project lifecycle
• Develop information security objectives to include in project objectives and planning. 
• Present necessary controls based on existing policies and regulatory requirements, threat models, incident reviews, and vulnerability thresholds to include in the project

Skills: Security Communication, Reference Architecture, Risk Management, Strategic Planning, Risk Assessment, Remediation Support, Project Integration, Control Development

• Requires the involvement of each phase of the project if warranted by the risk assessment
• Develop and maintain the vulnerability management program including annual Penetration Test scoping, engagement, and corrective actions
• Maintain Vulnerability Management Policy, tooling, and processes for regular assessments, monitoring, reporting, and evaluation of vulnerabilities and remediation for all enterprise manufacturing and information systems
• Define procedures to address situations where vulnerabilities have been identified but no countermeasures exist
• Maintain the Supplier Risk Program by performing initial risk assessments on supplier services before onboarding and engagement
• Perform routine risk assessments on existing supplier engagements, and monitor supplier security obligations for compliance
• Develop and continuously improve an up-to-date information security management framework based on ISO27001:2013
• Help oversee the safeguarding of consumer, employee, customer, and supplier information, intellectual property, and financial artifacts
• Help maintain a document framework of continuously up-to-date information security policies, standards, and guidelines
• Foster a collaborative culture of trust, accountability, and performance, empowering Rain Makers to reach their potential

Skills: Vulnerability Management, Risk Assessment, Penetration Testing, Supplier Risk, Policy Development, ISO Framework, Information Protection, Security Compliance

• Define and communicate the vision, principles and strategy for Information Security
• Ensure that all technology services, including Red, Flying Club, Virgin.com and numerous interfaces with third parties, operate securely and effectively and continuously improve
• Ensure that the security by design principle and practices are built into all new product developments and third-party products
• Advise and enable technical teams to make security decisions and provide advice and guidance, ensuring the effective use of common tools and patterns
• Work on services of high complexity and risk, making decisions to enable the business to achieve its objectives
• Collaborate with the wider business on developing security goals, defining metrics and ensuring the Information Security roadmap supports business goals
• Drive Security Compliance and maintain ISO27001 certification
• Drive Information Security’s risk management program
• Manage Information Security risk and communicate to the business and relevant stakeholders
• Manage Vendor Security Risk by performing security assessments of third-party vendors, partners and service providers
• Define and manage VR's Cyber Incident Response and ensure that the incident response processes are properly implemented, tested and every incident is properly handled and escalated
• Responsible for reviewing and threat modelling designs, infrastructure, internal applications and networks to raise risks and define security requirements
• Organise Information Security testing activities
• Responsible for promoting security awareness in the organisation and inspiring and influencing employees to follow security best practices
• Advising teams in VR and ensuring secure design across projects and technologies, to ensure compliance with the ISMS
• Ensuring that the Information Security policies are developed, communicated and adopted within VR
• Manage routine IT security auditing and monitoring
• Responsible for driving security investigations after Incident Identification
• Research, identify, validate and adopt new technologies and methodologies

Skills: Security Strategy, Secure Design, Technical Guidance, Risk Management, Compliance Oversight, Vendor Assessment, Incident Response, Security Awareness

• Develop security policies, standards, and procedures to enhance the overall posture of information security
• Conduct risk assessments to ensure the confidentiality, integrity, and availability of information assets across the enterprise
• Conduct asset discovery to inventory all ICS and OT equipment
• Design and implement information security systems that support the Information Security roadmap for risk management
• Build security designs, standards, and procedures to support the implementation of the security architecture strategic roadmap
• Develop, document, and enforce security policies, standards, procedures, and guidelines relative to the enterprise landscape
• Coordinate deeply technical and environment-specific solutions for numerous issues across IT Applications, Mechanical, Operations, and Communications and Signaling
• Lead asset discovery efforts in conjunction with business partners and vendors
• Participate in industry interoperable committees for standards and specifications development
• Collaborate with the Security Architecture team and perform Security Architecture duties
• Review and approve security variances to established ISPPD policies
• Review and approve requests for firewall changes
• Conduct risk assessments of enterprise initiatives, including external service providers and suppliers
• Monitor security updates, technologies, and best practices to improve corporate information security
• Assist in the execution of, and response to, regulatory changes affecting information security
• Follows up on developed compliance plans to ensure completion
• Assist the incident response team for threats for computer/network forensics investigation

Skills: Policy Development, Risk Assessment, Asset Discovery, Security Design, Standards Enforcement, Technical Coordination, Firewall Review, Incident Response

• Responsible for information security systems architecture and/or data engineering
• Responsible for managing and participating in the solution identification, evaluation, selection, and implementation of security-related tools, controls and services for IT projects, and other initiatives
• Assists in the selection and integration of products and solutions that align with operational and architectural requirements
• Analyzes commercial information security products and services and recommends solutions
• Responsible for the administration of the data security platforms, their configuration, policies, and reporting
• Operates the data security platforms and related technical security controls including research, recommendations and implementation
• Guides and coaches project team members in the identification, development, and completion of deliverables consistent with information security policy and standards
• Responsible for ensuring that information security standards are understood and adhered to on projects, documentation is completed, and assignments are completed accurately and on time
• Makes recommendations and assists in implementing changes to work processes and procedures to strengthen and improve company security measures
• Provides security consulting and project management services on highly complex information security projects and issues
• Facilitates meetings with cross-functional teams to establish the creation of current and future state information security models
• Analyzes impacts to current architectures, processes, and procedures
• Creates recommendations and proposals
• Works with developers and IT Engineers during new product design to help ensure security best practices are implemented
• Identifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the company’s applications or infrastructure and recommends mitigating controls to reduce the company’s risk

Skills: Security Architecture, Tool Selection, Product Analysis, Data Security, Platform Operation, Standards Compliance, Security Consulting, Threat Evaluation

• Remains current on security threats, emerging information security technology, and industry best practices and trends
• Disseminates information security information throughout the company to provide clarity and protect against security threats
• Creates data security reports for individual and collective platforms and performs database vulnerability and penetration assessments
• Participates in architectural governance activities and processes
• Provides information security contract requirements based on data classification and mission criticality
• Works with the Database Administrators (DBA), System Administrator and User Administration staff in developing proper database access control methods and minimum security baselines
• Provides subject-matter expertise and support to project teams
• Participates fully in change management across IT and IT infrastructure
• Coordinates changes with other areas of the IT department
• Participate in the Security Incident Response Team (SIRT) responding to incidents that may occur
• Participates in disaster recovery tests including verifying scripts and performing mock disaster recoveries
• Maintains working knowledge and understanding of information security, risk management, and regulatory compliance topics
• Participates in professional industry groups, creates a network of key contacts, and researches topics to stay abreast of information security industry changes

Skills: Threat Awareness, Security Reporting, Governance Participation, Contract Requirements, Access Control, Project Support, Change Management, Incident Response

• Develop a comprehensive enterprise information security architecture based on the information security strategy
• Provide technical thought leadership to advise technology development teams and partners in approaches to building secure systems
• Monitor the threat landscape for new and emerging threats and develop appropriate responses to mitigate the resulting risks
• Institute and evangelize information architecture practices throughout the enterprise
• Create and nurture a culture of proactive information security through effective employee training and engagement
• Integrate security throughout an Agile Scrum technology delivery process
• Evaluate the technical security architecture of third-party vendor solutions as part of the security evaluation and selection process
• Ensure information security architecture is compliant with relevant regulations for a publicly traded restaurant and/or retail organization including SOX, PCI-DSS, CCPA, etc
• Advise and partner with Cracker Barrel’s Managed Security Services (MSS) partner to support Cracker Barrel’s security operations
• Establish a technical approach to measuring and evaluating Key Performance Indicators (KPIs and Service Level Objectives (SLOs) to drive iterative improvement in security capabilities and maturity

Skills: Security Architecture, Technical Leadership, Threat Monitoring, Agile Integration, Vendor Evaluation, Regulatory Compliance, MSS Partnership, KPI Development

• Improve the accomplishments of the security team by planning the delivery of solutions, answering technical and procedural questions asked by less experienced team members, teaching the new and improved processes, and mentoring junior team members
• Plan and architect security systems by evaluating network and security technologies, develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices
• Designs public key infrastructures (PKIs), including the use of certification authorities (CAs) and digital signatures as well as hardware and software adhering to industry standards
• Implement security systems by specifying intrusion detection methodologies and equipment, by direct equipment and software installation and calibration to prepare preventive and reactive measures
• Providing technical support and completing documentation
• Verify the efficacy of deployed security systems by developing and implementing test scripts
• Maintain security by monitoring and ensuring compliance with standards, policies, and procedures
• Conducting incident response analyses
• Developing and conducting training programs
• Upgrade security systems by monitoring security publications and news, and by monitoring the security environment
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Prepare system security reports for both technical and non-technical audiences by collecting, analyzing, and summarizing data and trends
• Update job knowledge by tracking and understanding emerging security practices and standards
• Participating in informative opportunities
• Reading professional publications, maintaining personal networks and participating in professional organizations
• Improve departmental and organizational reputation by accepting ownership for accomplishing new and different requests
• Exploring opportunities to add value to job accomplishments

Skills: Team Mentoring, Network Architecture, PKI Design, System Implementation, Technical Support, Compliance Monitoring, Incident Analysis, Security Training

• Performs Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents
• Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation
• Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
• Evaluate firewall change requests and assess organizational risk
• Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications and operating systems
• Assists with the implementation of counter-measures or mitigating controls
• Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
• Analyzes the information systems to ensure that appropriate security functions have been included in the system's design and architecture
• Performs preliminary forensic evaluations of internal systems
• Leads the development and implementation of the information systems security programs
• Guides the creation and maintenance of Standard Operating Procedures and other similar documentation
• Maintains current knowledge of relevant technology
• Participates in special projects

Skills: Incident Response, IDS Monitoring, Intrusion Analysis, Firewall Evaluation, Risk Communication, Mitigation Implementation, System Audits, Forensic Evaluation

• Participate in the design and development of information security technology solutions to align with industry and FH information security standards
• Evaluates and recommends third-party solutions
• Acts as project leader on assigned projects by developing Information Security project plans and charters, identifying major project milestones, associated tasks and timelines, managing deliverables and evaluating project outcomes
• Join the team in leading the security vision and strategy on security architectures of applications, programs and innovative initiatives
• Provide expert technical security advice and consultation to internal and external stakeholders
• Monitor information security tracking systems, network and access controls and compliance systems
• Assist management and staff to ensure information security is considered in the design and/or redesign of programs, services, projects and initiatives
• Investigate information security incidents and provide information security training, education and awareness
• Design and architect security systems to mitigate risk and protect computer systems and sensitive information, leveraging automation and analytics
• Establish security standards for all medical center computing devices, including, but not limited to Solaris, Linux, Windows, Apple, etc.
• Serve as the key representative of the security domain on the Architecture Review Board, providing security architecture, design, and engineering plans for implementation for significant UCM IT strategic projects
• Implement and maintain enterprise security controls and monitoring systems
• Participate in cybersecurity strategic planning processes to ensure new technologies and processes are established, which will increase the maturity and resiliency of the UCM cybersecurity program

Skills: Security Design, Vendor Evaluation, Project Leadership, Security Strategy, Technical Consulting, Access Monitoring, Incident Investigation, Security Standards

• Drives the development of an enterprise security strategy aligned with NIST CSF1.1, with a focus on People, Processes, and Technology
• Contributes to the creation of information security technology strategies and roadmaps based on business strategy, cybersecurity assessments, IT trends and the overall threat landscape
• Contributes to the development of information security architectures that align with assessment remediation requirements, reference architectures, design patterns and technology standards
• Collaborates with Principal Architects to develop and document reference architectures and architectural patterns
• Collaborates with IT and Business partners to deliver security technology roadmaps
• Learns and masters innovative security technologies witha  focus on the 1-3 year transformation of Cardinal Health
• Drives incubation of innovative and transformative security technologies
• Provides security architecture guidance on large-scale, complex projects
• Ensures project adherence to information security remediation efforts during solution build and implementation
• Participates in cybersecurity control assessments, providing risk-based gap analysis and prioritized remediation recommendations
• Effectively communicates the impact of cybersecurity gaps to diverse audiences
• Builds consensus across peer teams in Information Security and drives transformational growth amongst all parties involved
• Mentors and educates less experienced employees in the organization
• Design security controls for emerging technologies (IoT, cloud technologies, automation, AI, etc.)

Skills: Security Strategy, Architecture Design, Risk Analysis, Tech Roadmaps, Cyber Assessment, Emerging Tech, Reference Models, Security Controls

• Perform cyber architecture reviews in alignment with Daimler AG, IT Enterprise Architecture, IT Identity and Access Management and other relevant stakeholder requirements
• Leverage global tools and techniques to consistently capture, model and analyze security architecture options
• Establish concepts for secure integration of systems/networks, ensuring end-to-end security for data flows
• Take part in projects to ensure the proposed/implemented architecture is in line with security requirements
• Contribute to business integrations after acquisitions/mergers to ensure these are commenced in line with security standards
• Review existing architectures to identify opportunities to incorporate innovative approaches including Cloud Security Architecture, Mobile Platforms and Secure Web Gateway (e.g., API Security)
• Work closely with the development teams to understand applications in depth to document the application details including the security architecture, attack surface, trust boundaries and data flows
• Develop Threat Models that enumerate cybersecurity threats by attack surface
• Document and verify the existing security mitigations and identify if additional mitigations are required for products
• Find risk-based threats and articulate to the business why this threat is a risk
• Reviewing application code against the secure coding baseline and practices
• Keep up with the latest methods for ethical hacking and testing
• Assist development teams in understanding security issues, relevant risk levels and their likelihood
• Plan and create penetration methods, scripts and tests
• Advise on methods to fix or lower security risks to systems
• Create reports and recommendations from findings

Skills: Cyber Architecture, Threat Modeling, Security Reviews, Secure Integration, Risk Assessment, Code Review, Penetration Testing, Cloud Security

• Help set strategic direction for information security initiatives, processes and standards
• Research, evaluate and drive next-generation security technologies and concepts to keep security ahead of the curve
• Build relationships and collaborate with other architects across IT to ensure all visions are aligned
• Conduct and attend project meetings to provide security and governance input throughout project life cycles
• Influence decision-makers in the areas of secure network design, access/authentication controls, IaaS and others
• Coordinate risk assessments of IT projects and systems
• Create end-to-end security solutions involving a mix of technical and organizational requirements
• Monitor changes in the legislative, regulatory and contractual landscape
• Ensure that the information security program is always at least one step ahead
• Mentor more junior information security team members

Skills: Security Strategy, Risk Assessment, Network Design, Security Governance, Technical Solutions, Regulatory Monitoring, Security Architecture, Team Mentoring

• Adopt security standards for the API lifecycle and disseminate them across development and security teams
• Enforce rigorous security controls with internal and external constituents and follow through for verification and consistency
• Document and provide ongoing maintenance of materials to eliminate discrepancies in development and security best practices
• Focus on automation and pipeline orchestration to aid in efficiencies and consistency with both testing and production
• Develop authentication and authorization security requirements to adhere to credential storage, privilege management and authenticity standards
• Support role- and attribute-based access control
• Work in tandem with developers to provide repetitive validation testing before production that allows for a continuous cycle of development, followed by application security assessments
• Regularly monitor the security community for public-facing security issues as well as to learn new tactics for securing data transmissions and reducing attack exposure
• Attend and participate in application projects, change management committee meetings, and internal security committees
• Interacting with business units and technical teams to understand what is coming and how projects can be more secure from the beginning
• Leverage security standards and implementation configurations, as well as common security frameworks
• Document secure delivery and implementation advancements that meet defined service-level agreements (SLAs) and business metrics
• Align with architects and development teams for a mission of secure design and data integrity preservation among users, apps and infrastructure
• Mentor less experienced members of the team to help build a strong culture and improve security efficacy
• Actively participate in and lead security team meetings that facilitate secure design
• Perform testing and validation to identify any vulnerabilities that inject or intercept data in APIs
• Understand and leverage encoding and tokenization processes
• Develop security test plans from architectural designs, identify deficiencies and make enhancements to ensure production is not impacted

Skills: API Security, Access Control, Security Automation, Secure Design, Threat Monitoring, Tokenization Techniques, Validation Testing, Security Mentoring

• Provide technical guidance and support to customers, partners and subcontractors (internal and external) and less experienced team members to achieve the project’s security goals
• Design the global security architecture by analysing the security requirements prepared by the Chief Security Officer
• Studying IT architecture/platform, and project constraints
• Select System security controls for threat prevention (Antivirus) and monitoring (vulnerability scanner), for log management and monitoring (SIEM), for hardening of operating systems (Linux, Windows), and for security patch deployment adhering to industry standards
• Define detailed requirements for public key infrastructures (PKIs), including use of certification authorities (CAs) and digital certificates (signature …) as well as associated hardware (HSM) and software
• Adhering to industry standards
• Plan the security controls implementation, identifying integration issues
• Preparing associated cost estimates
• Provide technical support during the implementation phase
• Completing and validating security documentation
• Verifies system security by documenting and implementing test procedures
• Maintains security by monitoring and ensuring compliance to standards, policies, and procedures
• Conducting incident response analyses
• Developing and conducting training programs
• Upgrades security systems by monitoring the security environment, identifying security gaps, evaluating and implementing enhancements
• Prepares system security reports by collecting, analysing, and summarizing data and trends
• Updates job knowledge by tracking and understanding emerging security practices and standards
• Participating in educational opportunities
• Enhances department and organization reputation by accepting ownership for accomplishing new and different requests
• Exploring opportunities to add value to job accomplishments

Skills: Security Architecture, Threat Prevention, PKI Design, SIEM Integration, Incident Response, System Hardening, Security Compliance, Technical Guidance

• Work directly with technical teams (e.g. Engineering, Cloud, IT) to conduct secure architecture reviews and to design, analyze, and/or recommend secure infrastructure and tooling
• Lead major projects/initiatives that involve large security tool deployments or engineering efforts
• Implement hands-on infrastructure-as-code and security automation tools to secure cloud workloads, with a preference for leveraging/creating open-source tools
• Enhance security engineering infrastructure and systems that are continuously evaluating the threat landscape for Appian’s operations and service offerings
• Serve as a trusted advisor and expert in security engineering domains to other teams and peers with their use of cloud computing and/or modern technologies
• Serve as a mentor to other engineers on the security team
• Contribute ideas to improve the security posture and detections in the security program
• Help shape the security detection, enrichment, and threat intelligence roadmap
• Stay knowledgeable about the cutting edge of information security, threats, tools, and techniques
• Providing security-focused technical evaluation and research to various security products, vendor offerings, and technical solutions, developing prototypes,
• Evaluating internal processes, tools and leading technical evaluation from a security strategy perspective
• Providing mentorship/guidance on emerging security technologies and competitive trends to engineering and security teams
• Develop technical research/recommendations, security white papers/briefs, and enhance and scale Security Strategy and Operations
• Actively use, understand, and evaluate security products alongside business needs and translate observations into roadmap objectives that promote high-impact security improvements
• Bring to bear technical skills to build plans, identify dependencies and risks, help teams remove impediments, and ensure smooth releases
• Serve as the catalyst organization's connective tissue for the end-to-end service planning and delivery process

Skills: Secure Architecture, Cloud Security, Security Automation, Infrastructure Hardening, Threat Intelligence, Security Mentoring, Tool Evaluation, Detection Engineering

• Work in the Chief Information Security Officer (CISO) office under the Director of IT Security Architecture
• Transform healthcare with business-aligned agile, repeatable and standardized security technology ready for new emerging threats
• Actively participate in a product team and work with the business and engineering teams to articulate security requirements in a way that leads to the secure creation and enhancement of the product
• Ensure products are built and sustained with security and compliance by design
• Influence and communicate effectively with non-technical audiences including senior product and business management
• Drive security as an integrated component in digital product success by collaborating closely with product delivery teams
• Develops product strategies, vision and roadmaps that align with the architecture and technology direction of the business unit, consistent with enterprise priorities as agreed with product-line management
• Embeds with product teams to ensure full transparency and no surprises, keeping product stakeholders up to date with the latest on delivery status, product security risks and scope changes
• Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts
• Evaluates new products, methods, and technologies to protect against existing and emerging security threats
• Coordinate with DevOps teams to advocate secure coding practices
• Act as the communicator of the vision to translate the product strategy and vision developed with business stakeholders into what the product team must bear in mind to ensure security and compliance are embedded
• Conduct Preliminary Security Assessment Reviews and Security Risk Assessments
• Document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommend controls to ensure adequate protection
• Review security technologies, tools and services, and make recommendations
• Provide leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with the architecture direction and business strategies
• Attend change management meetings
• Work across the company to drive adoption of technical standards, design principles and architecture patterns
• Represents security interests to project teams by ensuring security standards and requirements are defined as part of the deliverables
• Provides input and guidance on adherence to defined security requirements and/or means to address any identified gaps

Skills: Security Architecture, Product Security, Risk Assessment, Threat Monitoring, DevSecOps Advocacy, Secure Design, Compliance Strategy, Technical Leadership

• Create high-level conceptual and logical security architecture plans, roadmaps and designs for the security technology portfolio
• Consult, advise or oversee the secure design of key Tech system and infrastructure projects to ensure alignment with enterprise security architecture
• Provide thought leadership for major Tech implementation decisions
• Forecast enterprise technology investment needs for 1-3 years in line with security architecture roadmaps
• Prepare architectural designs and strategies for key security investments
• Lead in the evaluation of enterprise security technology platforms and products
• Engage with key external vendors and partners to identify innovative solutions, keep abreast of security and technology emerging trends, and promote proof-of-concept trials of promising innovative solutions
• Possesses, leads, and applies knowledge for the development of security solutions and architectures for clients
• Evaluate information assurance/security standards and procedures
• Supports Authorizing Official (AO) actions by developing and delivering accreditation packages with supporting documents and artifacts by RMF as defined in NIST 800-37 revision 2 and related agency-specific RMF requirements
• Provides input into an Audit and Accountability Plan containing methods, procedures, and planned reviews for the continuing accreditation and authorization against AU (Audit and Accountability) family controls per NIST SP 800-53 guidance
• Provides input and implements an organizational access control policy and plan in compliance with risk levels defined in the National Institute of Standards and Technology (NIST) 800-53, rev 4, Access Control family of controls, to include auditing annually
• Develop processes and procedures for evaluating and documenting information system security vulnerabilities IAW DoD Instruction (DoDI) 8510.01 (RMF for DoD IT)
• Supports implementation of Multi-Factor Authentication (MFA) and single sign-on (SSO) IAW DoDI 8520.02, DoDI 8520.03, and other applicable policies and regulations
• Develop security architectures and designs using existing and emerging technologies to provide secure enterprise solutions

Skills: Security Architecture, RMF Compliance, NIST Standards, Risk Management, MFA Implementation, SSO Integration, Audit Planning, Enterprise Solutions

• Manage various teams like Operations, Delivery and Presales to ensure all the support and solutions fulfil all the customer requirements concerning Security
• Investigate security breaches and other cybersecurity incidents of L2 are not able to identify and mitigate
• Validate the security measures implemented by the team across domains and customers
• Validate the assessment reports prepared by the security team and present them to the customers
• Architect solutions for the customer and present them to their concerned teams
• Develop company-wide best practices for IT security
• Assist with any advanced-level solutioning, implementation, and support
• Research security enhancements and make recommendations to management
• Stay up to date on information technology trends and security standards
• Assist internal teams with acquiring various compliance and standards
• Conduct Vendor Assessments and validate their controls as per internal security policies
• Present in Webinars, Podcasts, Blogs, Awareness Sessions, etc. for security awareness and training

Skills: Security Architecture, Team Management, Incident Investigation, Compliance Support, Vendor Assessment, Solution Design, Risk Validation, Security Awareness

• Acts as a main security architect for .com experience, web and mobile services
• Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards
• Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems
• Contributes to the development of information security policy, standards and guidelines
• Actively maintains recognised expert-level security knowledge in one or more identifiable specialisms, with at least .com experience, consumer and customer-facing web and mobile services, and the underlying platforms and technologies
• Provides definitive and expert advice in their specialist area(s)
• Oversees the provision of specialist advice by others, consolidates expertise from multiple sources, including third-party experts, to provide coherent advice to further organisational objectives
• Supports and promotes the development and sharing of specialist knowledge within the organisation
• Builds on and refines appropriate outline ideas for research, including evaluation, development, demonstration and implementation
• Applies standard methods to collect and analyse quantitative and qualitative data
• Creates research reports to communicate research methodology and findings and conclusions

Skills: Security Architecture, Risk Assessment, Mobile Security, Policy Development, Web Services, Expert Advisory, Vulnerability Analysis, Research Reporting

• Contributes sections of material of publication quality
• Uses available resources to update knowledge of any relevant field and curates a personal collection of relevant material
• Participates in research communities
• Supports monitoring of the external environment and assessment of emerging technologies to evaluate the potential impacts, threats and opportunities to the organization
• Contributes to the creation of reports, technology road mapping and the sharing of knowledge and insights
• Implements stakeholder engagement/communications plan
• Deals with problems and issues, managing resolutions, corrective actions, lessons learned and the collection and dissemination of relevant information
• Collects and uses feedback from customers and stakeholders to help measure the effectiveness of stakeholder management
• Helps develop and enhance customer and stakeholder relationships

Skills: Technical Writing, Knowledge Curation, Research Engagement, Tech Scouting, Insight Reporting, Stakeholder Management, Issue Resolution, Relationship Building

• Works with IT and IS teams to identify, select and implement technical security controls
• Consults with IT solution designers (cloud and on-prem) to assure and ultimately approve designs and system changes in line with policy, agreed standards and/or risk profile
• Develops security processes and procedures to ensure that security controls are managed and maintained
• Researches, evaluates and recommends information-security-related hardware and software, including developing business cases for security investments
• Maintains an in-depth understanding of financial and credit card industry standards (e.g., PCI standards, card association requirements, GDPR) and ensures that all projects are delivered to these standards
• Assesses IT operational activities for compliance and security gaps both periodically (e.g,. PCI assessments) and as an ongoing activity (e.g. day-to-day interactions)
• Prioritises remedial work, driving security improvements across the business
• Trains non-security staff on risks and sensible approaches for mitigation
• Supports incident response from a security technology perspective
• Assess the impact of business change on the IT security model and associated artefacts
• Develops architecture strategy and creates models/patterns

Skills: Security Controls, Design Review, Compliance Audits, Risk Mitigation, Security Training, Incident Response, Architecture Strategy, Policy Alignment

• Lead the Corporate and Cloud Security solution architecture throughout the project lifecycle (Business Development, Design, Development, Ongoing operations)
• Ensure the security solution meets the customer's business and technical needs
• Maintain the organization's effectiveness and efficiency by defining, delivering, and supporting strategic plans for implementing information security
• Lead the security design throughout the project lifecycle and be accountable for the security solution's integrity
• Keep updated with emerging security threats and alerts
• Research emerging products, services, protocols, and standards in support of security enhancement and development efforts
• Share and communicate end-to-end security solutions (orally and in writing) to executives, business sponsors, and technical resources clearly and concisely that is in the vernacular of each group
• Guide various product experts regarding the security solution
• Create and support POC/demos and present security solutions to the client
• Develop, implement, and administer security policies and plans

Skills: Cloud Security, Solution Architecture, Threat Intelligence, Security Policies, Risk Assessment, Technical Leadership, Security Roadmaps, Stakeholder Communication

• Acts as a key participant in the development, implementation, and monitoring of the enterprise information security program
• Provides security consultation to IT management and IT staff at the highest technical level on all phases of the system development lifecycle
• Consults with IT and security staff to ensure that security is factored into the evaluation, selection, installation, and configuration of hardware, applications, and software
• Recommends and coordinates the implementation of technical controls to support and enforce defined security policies
• Oversees the development of and/or alignment to technology hardening standards
• Develops and communicates West Bend’s multi-year information security strategy
• Works with the Director of Information Security to develop budget projections
• Researches, evaluates, and recommends the implementation of new or updated information security hardware or software
• Performs security reviews of on-site, third-party technologies and sets security standards for implementation
• Partners with Enterprise Architecture to understand potential threats that must be mitigated in defined solution approaches
• Perform the architect role for IT security initiatives
• Reviews mitigations and remediation of security incidents/vulnerabilities to ensure they are appropriate
• Maintains awareness of Enterprise risk categories and mitigation strategies that require security solutions
• Monitors the external environment for emerging threats and reviews these threats within the Information Security Program
• Working with the security engineering team(s), develops and implements controls and configurations aligned with security policies and legal, regulatory, and audit requirements
• Assists IT Service Owners in understanding and responding to security audit failures/risk assessment findings reported by Information Security and auditors
• As a member of the Architecture Review Board, ensures technology solutions conform to corporate security architecture
• Participates in the information-security governance process
• As a member of the Change Advisory Board, assesses the impact of changes on security

Skills: Security Strategy, Risk Mitigation, Security Governance, Architecture Review, Security Audits, Threat Monitoring, Technical Controls, Incident Remediation

• Ensures the logical and systematic conversion of business, customer or product requirements into total systems solutions with acknowledgement of information management and technical architecture
• Performs functional analysis, timeline analysis, transaction (i.e., point of sale), and benchmark and interface definition studies to formalize customer requirements into systems architecture specifications
• Perform analysis of APIs, data models and interoperable interfaces for specific projects, services and integration points
• Interacts and communicates effectively with internal and external customers and development teams to clarify business, operational, or technical requirements
• Defines in written documents non-functional requirements (availability, interoperability, portability, manageability, scalability, maintainability, security, monitoring, SLAs, KPIs, regulatory and legal compliance) based on business vision, best practices, and enterprise architecture direction
• Balances a variety of competing goals in a design including project timelines, scope and budget constraints, and system performance
• Balances long-term department strategy and short-term project goals
• Keeps up on industry trends and current technological standards and best practices
• Assists with the assessment of industry standards for information models and their applicability to Casey's
• Drives adoption of identified design patterns, standards, principles, and best practices throughout the technology organization
• Accountable for guiding and modeling the technical implementation of security solutions including hardware, software, network, and other supporting infrastructure
• Maintains ongoing communication with project teams, verifying that what was designed was built and adjusting the solution architecture throughout the project
• Manages and facilitates the agile process to achieve business outcomes, including sprint planning, sprint backlog refinement, daily stand-up, sprint review and sprint retrospective
• Builds consensus across stakeholder groups including management and individual contributors
• Conceptualizes and articulates alternatives to problem resolution

Skills: Systems Architecture, API Analysis, Technical Requirements, Security Solutions, Agile Facilitation, Solution Design, Industry Standards, Stakeholder Alignment

• Participates in the cloud security governance model, establishing policies, standards and best practices
• Mentoring a variety of dedicated security and non-security professionals in security architecture designs and principles
• Building and deploying strong DevSecOps practices across a variety of tech stacks and pipelines
• Assisting in the design and deployment of a hybrid security operations center
• Providing leadership in security remediation activities
• Ensuring secure migration methods are defined and followed to move workloads from on-premises to defined cloud providers
• Creating a productive, high-energy, and achievement-oriented team environment
• Identifying, analyzing, and implementing process improvements and effectively communicating and leading change management initiatives
• Working cross-functionally to advocate on behalf of both customers' and security professionals' needs with internal teams including engineering, product, and IT

Skills: Cloud Security, DevSecOps Practices, Security Governance, Risk Remediation, Hybrid SOC Design, Policy Development, Secure Migration, Change Leadership

• Perform cloud security assessments for SaaS, PaaS engagements and provide detailed risk summary reports to the business
• Responsible for implementing and maintaining best security standards and policies to protect the Information systems architecture that includes Cloud, Data Center, Network, Servers, Storage, databases, Applications and related access control
• Work with business teams to ensure that critical data is protected and security is integrated into the products, software, applications and at customer install sites
• Devise security best practices and controls for the identity and access management program
• Participate in project meetings and perform security design reviews
• Research the latest security best practices, staying abreast of new threats and vulnerabilities and help to disseminate this information within the groups
• Implement relevant tools to monitor security threats, analyze relevant logs and take appropriate actions on multi-cloud environments
• Mentor and provide relevant training to the global team members
• Lead customer security audits and other corporate compliance requirements
• Develop, maintain and deploy security policies, processes, and standards

Skills: Cloud Security, Risk Assessment, IAM Controls, Security Policies, Threat Monitoring, Compliance Audits, Security Reviews, Team Training

• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Become the security subject matter expert who can explain technical topics
• Closely working with other developers and cloud solution architects in planning, developing, and implementing security controls
• Provide security recommendations that balance business requirements with information and cybersecurity requirements
• Demonstrating Understanding of business processes, security risk management, and related standards
• Reviewing security scans (e.g., Nessus, WebInspect, Nexpose, Veracode) and communicating with stakeholders
• Create a well-informed cloud Infrastructure security automation strategy with a strong emphasis on standardization and reusability
• Implement risk management programs by utilizing NIST, RMF
• Establish security controls to ensure the protection of client systems
• Implement cutting-edge security tools

Skills: Security Architecture, Risk Management, Cloud Security, Security Automation, Threat Analysis, Control Implementation, Security Scans, Compliance Standards

• Experience with IaaS/PaaS/SaaS (AWS, Azure, GCP)
• Experience in analysing the security of public cloud architectures
• Experience with secret management platforms
• Experience in Container/Orchestration like Kubernetes and Docker
• Experience in building/setting up security tools to automate recurring tasks and in particular, being able to develop automation tools using languages like Python or Go
• Experience triaging and understanding the root cause of security bugs
• Expertise in Log Management, Security Event Correlation and any SIEM technology
• Experience with vulnerability scanners, vulnerability management systems, patch management, and host-based security systems
• Experience as an Information Security Architect, Consultant, Analyst, or similar role
• Advanced knowledge of relevant privacy laws, regulations, and standards in Canada, the US, and the EU
• Excellent communication and analytical skills
• Comfortable in communicating with executives and presenting to Architecture Review Boards (ARB)
• Experience providing advice on issues related to foreign legislation (including GDPR) and the ability to interpret laws and legal advice
• Experience with AWS or GCP services

Qualifications: BS in Telecommunications with 9 years of experience

• Significant exposure or understanding of the following concepts, practices, and technologies: network security and perimeter security, firewalls, IDS/IPS, SIEM, workstation, mobile device, and network design standards
• Understanding the following concepts: identity management, federated identity services, incident management, access control, endpoint protection, desktop security tools, anti-malware solutions, application vulnerability testing, public key infrastructure, Windows, and Unix/Linux
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project
• Excellent communication and influencing skills
• Strong ability to balance differing stakeholder interests through sound analysis and persuasion
• Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization
• Able to mentor team members with diverse backgrounds
• Ability to formulate a network security architecture vision and translate the vision into execution
• Thorough understanding of Information Security frameworks and good practices (e.g., ISO, NIST)
• Proven ability to strike a balance between an academic and pragmatic approach
• Experience in information security and/or related functions (such as IT Audit, Risk Management or Security Architecture)
• In-depth knowledge of the systems development life cycle, client area’s functions and systems, and systems applications programs development, technological alternatives
• Proven implementation of creative technology solutions that advance the business
• Excellent written and oral English communication skills

Qualifications: BS in Information Technology with 7 years of experience

• Experience as a cloud security architect within a large organization
• Proven track record in the design and implementation of cloud security controls, ideally in a geographically dispersed and hybrid cloud environment
• Demonstrated experience with modern infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), Function as a Service (FaaS) and other serverless computing technologies
• Excellent knowledge of solutions from Amazon Web Services (AWS), as well as relevant security and cloud well-architected frameworks
• Ability to lead and execute large, complex projects related to cloud security (e.g, introduction of a zero-trust security model, security hardening and attack surface reduction for IaaS/PaaS/SaaS/FaaS platforms and container orchestrators)
• Experience in using architecture methodologies such as TOGAF (The Open Group Architecture Framework)
• Practical experience in Agile/DevOps organizations and cultures
• Highly collaborative, with the ability to build relationships with colleagues from different cultures throughout the organization

Qualifications: BA in Intelligence Studies with 5 years of experience

• Experience with regulations, standards and frameworks (e.g., Sarbanes-Oxley, NIST CSF, ISO 27001, SSAE18, NY DFS, CCPA)
• Experience working within an IT organization of a Life/Annuity insurer
• Must have ITIL, CISM, and/or GIAC certifications
• Experience in using architecture methodologies such as SABSA, Zachman and TOGAF
• Strong team building, partnership, collaboration, and resource management skills
• Demonstrated ability to prioritize/communicate conflicting demands in a fast-paced environment
• Strong analytical and interpersonal skills with good written and verbal communication skills
• Proven ability to build relationships and influence others outside of the span of control
• Superior communication skills in articulating technology direction for all levels of management
• Proven ability to mentor and develop talent and drive a team for results
• Strong attention to detail and ability to manage multiple priorities, assign appropriate resources, ensure quality, and maintain high standards

Qualifications: BA in Cybersecurity with 6 years of experience

• Experience in the field of information technology with extensive exposure to numerous aspects of systems management, development, and operations as well as business planning
• Experience in information security with knowledge and exposure to security architecture, security assessment, security program management, or security engineering
• Experience managing cloud-based security solutions, AWS experience
• Knowledge of risk and security assessment procedures, security policy implementation, authentication and authorization strategies and technologies, and the attack lifecycle
• Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies
• Experience with enterprise applications (architecture, development, support, and troubleshooting)
• Experience performing threat modeling and design reviews to assess security implications and requirements for the introduction of new technologies
• Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions
• Demonstrable ability to diligently execute tasks in a dynamic and cross-functional environment
• Demonstrated competency in strategic thinking with abilities in relationship management
• Must have industry-recognized certification (e.g., CISSP, CCSP, SABSA, etc.)
• Excellent oral and written communication skills with the ability to confidently present and discuss technical information as well as long-term vision
• Confidence and leadership as a member of project teams in working with business users in a cross-functional environment
• Excellent problem-solving and analytical ability

Qualifications: BS in Information Systems with 8 years of experience

• Experience in security management, information security risk assessments, information security engineering, network security management, application design and architecture, and network engineering
• Hands-on and progressive information security design and implementation
• Security cloud architecture models, experience and knowledge, focusing on deployments
• Platform experience in Amazon AWS or Microsoft Azure
• Experience with the design of security across a broad platform (applications, servers, network, cloud, etc.).
• Experience with firewalls (perimeter and web application)
• Knowledge of IP networking and network security tools including intrusion prevention, SIEM, DDOS protection services, encryption, PKI, virtual private network, proxy services, wireless and domain name resolution
• Experience providing internal penetration testing, vulnerability scanning, verification of network segmentation, and remediation of associated findings
• Exceptional planning, organization, communication, presentation, multi-tasking, prioritization, documentation, and business analysis skills
• Ability to work independently, in addition to working closely in a team environment
• Ability to interpret technical needs and provide thorough and complete designs
• Experience with Azure and AWS
• Knowledge of common IT regulatory compliance requirements associated with any of the following HIPAA, HITECH, ISO 27001/2, SOC 1/2, SOX, PCI and security best practices and procedures

Qualifications: BS in Information Technology with 7 years of experience

• Hands-on experience with firewall, SIEM, penetration, vulnerability, and forensics tools
• Hands-on experience implementing secure cloud solutions
• Strong knowledge of information technology architecture and topology design
• Knowledge of programming and scripting language applications
• Microsoft Office Suite and Visio proficiency
• Good verbal communication and writing skills
• Strong attention to detail
• Ability to work independently and as a team member
• Ability to prioritize tasks and manage projects
• Ability to read and review information on computer screens and monitors to perform daily work

Qualifications: BA in Security Studies with 5 years of experience

• Ground experience in information security architecture
• Experienced with cloud security architectures (MS Azure) and operational technology (OT)
• Good understanding of international standards (ISO/IEC27001 and NIST framework)
• Familiar with Networking (segmentation, zones, border control devices)
• Must have Certifications in CISSP and CISM
• Great communication skills and the ability to work in a fast-paced work environment
• Must have security certification CISSP or CSSLP or (TISP+TPSSE) or CCSP
• Knowledge of IT Security Architecture
• Knowledge of IT Security Services
• Excellent communication, presentation/coaching, marketing and convincing skills

Qualifications: BA in Political Science with 4 years of experience

• Significant experience with multiple technical and business disciplines 
• Demonstrated experience or substantial knowledge in supporting competencies in cloud security standards and controls
• Demonstrated a high degree of technical security tooling in commercial cloud environments
• Technical expertise to understand multiple cloud platforms (AWS, Azure, IBM, GCP, OCI)
• Technical and conceptual knowledge of configurations in cloud platforms and expertise in AWS security stack, e.g., Cloud Trail, Cloud Watch, Guard Duty, Advanced Shield, IAM policy
• Experience supporting any cloud environment with multifactor authentication, CASB and Container Security technologies
• Strong working knowledge and technical support experience in application development lifecycle, DevOps CI, DevOps CD or DevOps/CICD
• Working knowledge of TOGAF, SABSA,
• Demonstrated experience working in an Agile environment
• Demonstrate knowledge of security best practices, policies and standards to design highly secure public and private cloud architectures that support application services in-scope of HIPAA, PII and PCI regulations

Qualifications: BS in Cloud Computing with 7 years of experience

• Working experience in cybersecurity/application security/data protection 
• Excellent written, verbal communication, and presentation skills
• Ability to work with a wide variety of teams and build open, respectful relationships
• Experience with security industry standards such as NIST Cybersecurity Framework, CISA, CSA, etc.
• Excellent interpersonal skills, and the ability to confidently share vision and roadmap to internal/external audiences
• Able to define and communicate a shared technical and architectural vision to ensure the system or solution is fit for its intended purpose
• Ability to handle multiple concurrent activities and have a flexible, positive attitude
• Must work well with team members, acting as a mentor to other engineers, helping to motivate and solve problems
• Must have strong organizational skills
• Experience with information security systems including Network firewalls, IDS/IPS, WAF, Multi-Factor Authentication platforms, VPN systems, Central anti-virus systems, etc.
• Experience with cloud infrastructure/cloud security (mainly AWS)
• Experience with open-source tools and platforms
• Experience with web and application security, familiar with OWASP frameworks, solutions and initiatives
• Experience with database security, mainly Oracle, MySQL, and PostgreSQL
• Experience with security projects such as Static Code Analysis, DB Firewall, and CASB implementations
• Experience with offensive security and penetration testing tools

Qualifications: BS in Applied Mathematics with 9 years of experience

• Experience in architecting information security solutions to support enterprise-class applications (ERP)
• Experience in securely migrating solutions to cloud-based infrastructures
• Experience working in an outsourced environment and managing to objectives and outcomes
• Expertise in the information security domains and key security concepts
• Excellent written and communication skills
• Experience in Information Security
• Experience in related technology functions, such as infrastructure/cloud engineering or software development
• Experience with defining and developing security architecture models in an enterprise setting
• Understanding of industry regulatory and compliance requirements that apply to cloud-based and on-prem technologies
• Knowledge of threat modeling and secure development processes
• Up to date with security attacks and the latest security research
• Excellent communication and collaboration skills while being an accountable member of the team
• Experience working with security vendors and developing recommendations based on evaluating products and analyzing functionality
• Offensive security experience with penetration testing or red team activities
• Must have Information Security certifications (CISSP, SANS GIAC, etc.) and Offensive Security/Pen test certifications (OSCP, etc.)

Qualifications: BS in Computer Engineering with 11 years of experience

• Good understanding of multidisciplinary security architecture with Cloud security
• Experience with designing, building, and performing vulnerabilities and penetration testing in complex os and network environments
• Experience with industry compliance and security standards including SOC 2, PCI, ISO 27001, HIPAA, and FedRAMP frameworks
• Possess analytical and problem-solving skills
• Experience with Security tools (e.g, Tenable, Black Duck, Veracode, Coverity, Burp, Fortify, etc.)
• Experience with programming language knowledge (C, Java, Golang, Lua, Python, JavaScript, Web Services/REST)
• Excellent communication and presentation skills and a “Go the extra mile” attitude
• Experience as an information security architect in a financial company
• Experience in leading Information Security projects from initiation to delivery, including RFI/RFP phases, SOW definition, plan, integration, and full delivery
• Experience with OS security, mainly Linux

Qualifications: BS in Risk Management with 5 years of experience

• Experience in architecting new cybersecurity environments and supporting transition for technical and business staff
• Experience performing security reviews and risk assessments
• Knowledge of Office 365 Security and Compliance Center configuration
• Understanding of NIST 800-53 and SANS security frameworks
• Knowledge in securing on-premises and cloud networks
• Able to document security procedures including incident response and DR plans
• Knowledge of configuring firewalls, routers and switches
• Knowledge of email security, anti-phishing, anti-ransomware and URL filtering technologies
• Knowledge of the Microsoft O365 platform
• Knowledge of Azure Cyber Security, Authentication and Identity Access Management
• Experience configuring and managing IPS/IDS and SIEM technologies
• Experience in configuring and managing Continuous Vulnerability Management systems
• Experience with configuring Cisco and FortiGate firewalls
• Knowledge of VNets, VPN, firewall, routing, and circuits

Qualifications: BS in Computer Information Systems with 8 years of experience

• Experience in computer security, technology-regulatory compliance/governance, technology risk management or Disaster Recovery/Business Continuity
• Experience managing IT projects and/or IT Support Departments
• Experience in advanced network, systems, and application security design, implementation, and management
• Experience with industry standards in Systems Development Life Cycle (SDLC), project management and development methodologies (PMBOK, MSF, SEI, Agile Methods, RUP, etc.)
• Strong analytical and problem-solving skills
• Ability to transcend departmental boundaries and interface with key stakeholders to develop effective technology solutions that have the least impact on operational performance
• Ability to tailor communication style to different audiences, and to exercise good judgment in frequency and nature of communications to different parties (senior management, stakeholders, team members, etc.)
• Ability to work with minimal supervision in a high-pressure environment
• Ability to rapidly resolve issues and recognize when escalation is necessary
• Ability to analyze complex business/technical data and develop innovative solutions
• Effective time management and prioritization skills

Qualifications: BS in Information Assurance with 7 years of experience

• Experience in Information Technology including Information Security
• Proven consulting and relationship management skills and the ability to leverage key working relationships with business units, vendors, and IT staff
• Effective communicator, capable of effectively translating and presenting complex technical concepts to both technical and non-technical management and customers, through oral presentations and written media (white papers and demonstrations)
• Familiarity with one or more standard security-related frameworks (NIST-Cyber, CoBIT, ISO, etc.)
• Experience with modern programming languages such as Java, JavaScript, Visual Basic, C++, C, C#, PYTHON, PERL, etc
• Knowledge of understanding of security principles and their application in an enterprise IT environment, Knowledge of various platform technologies including internet, network, distributed systems, desktop computing, voice, and threat management technologies
• Experienced with enterprise security controls including malware protection, firewalls, intrusion detection systems, content filtering, internet proxies, encryption controls, and log management solutions
• Knowledge of tiered application architectures, web front-ends/server-side apps, applications, and relational databases
• Experience with APIs such as REST, SOAP, SOA and other integrations
• Direct experience with secure application development, application security risk mitigation techniques

Qualifications: BS in Industrial Technology with 6 years of experience

• Strong strategic vision and a track record of successful delivery of business objectives
• Expertise in working with colleagues throughout the firm and in leading collaborative teams to achieve common goals
• Prior experience supporting the sale of software or services to government clients
• Understanding of industry standards, e.g., SOC 2, ISO 27001, FedRamp
• Ability to work independently with excellent time management, attention to detail, and cross-team collaboration skills
• Strong communication, interpersonal, and presentation skills
• Ability to write and speak to both technical and non-technical audiences
• Experienced in SaaS, cloud computing, enterprise software or social networking environment 

Qualifications: BA in Political Science with 4 years of experience

• Cybersecurity experience (application/cloud security, architectural reviews, security engineering, security evaluations, etc.)
• Strong knowledge of security best practices, principles, and common security frameworks
• Experience with security models in cloud environments such as AWS, Azure, and GCP
• Experience with security operations, monitoring and vulnerability management
• Hands-on development experience in the cloud environment with one or more programming languages (Python)
• Demonstrate experience in producing, documenting, and explaining layered architectural diagrams and topology diagrams, emphasizing security and data protection details
• Systems integration experience involving the interfacing of complex system components with one another
• Experience with agile methodologies, working in a fast-paced agile engineering/security environment
• Must have practical presentation skills to highly technical and non-technical audiences
• Demonstrate ability to influence decision-makers at all levels
• Must have Industry security certifications, such as CISSP, CCSP
• Proven experience as a security architect to perform research, evaluate vendor products/offerings, and quickly jump into the hands-on mode to build prototypes/solutions for critical business problems
• Passionate about the opportunity to be part of an all-star team that is integral to the security org
• Able to be motivated to work with multi-functional teams and drive things together to accomplish role objectives

Qualifications: BS in Management Information Systems with 10 years of experience

• Experience working with teams in security operations, incident analysis, developing applications, and security applications
• Experience using security architecture frameworks (SABSA, TOGAF, etc.) and tools (Archi, Visio) to create and manage designs
• Advanced understanding of tools and techniques used by attackers to gain entry into corporate networks, including common IT system flaws and vulnerabilities
• Demonstrated knowledge of threat landscapes and threat modeling, security threat and vulnerability management, and security monitoring
• Knowledge of network security architecture, understanding of the TCP/IP protocol, and remote access security techniques/products
• Expert ability to analyze and identify risks in network and system designs and communicate with key stakeholders to address the risk and drive a solution
• Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences 
• Must be able to react quickly, decisively, and deliberately in high-stress situations 
• Highly motivated individual with the ability to self-start, prioritize, multitask and work in a global team setting
• Ability to create and maintain good business relationships with counterparts, customers, and external entities to achieve the security operations management goals
• Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
• Familiarity with regulatory compliance requirements (PCI-DSS, HIPAA, FISMA, SOX)
• Familiarity with the National Institute of Standards and Technology (NIST) as it applies to FISMA

Qualifications: BS in Cryptography with 8 years of experience

• Experience in information security with a functional knowledge of all information security domains, industry standards and best practices
• Functional knowledge of ISMS governance models (i.e., ISO 27001, NIST), information security roles, and security controls
• Strong attention to detail, project management, communication, and organizational skills
• Demonstrated experience leading and executing security assessments and reviews
• Attention to detail and priority/time management
• Strong customer service, analytical, communication (oral and written) and troubleshooting/problem-solving skills
• Experience with Information Security technologies (Firewall, IPS, IDS, SIEM, EDR, CASB, AV, DLP, etc.)
• Experience with secure deployment of enterprise-scale infrastructure in either Amazon Web Services (AWS) or Microsoft Azure
• Strong analytical and problem-solving skills
• Strong team-oriented interpersonal and communication skills
• Self-starter and finds issues and opportunities and makes recommendations to management

Qualifications: BS in Digital Forensics with 6 years of experience

• Experience in Cyber security or rather Information security
• Expert knowledge and proven experience in Threat Modelling (STRIDE or DREAD), Embedded Security, Application security, secure software development, systems design and risk management
• Proven experience in the usage of the OWASP methodology, CIS and the ISO27001 framework
• Experience working in agile organizations, DevOps and continuous integration environments
• Advanced experience with Information Security principles, practices, technologies, programs and procedures, accompanied by an understanding of risk management methodologies
• Broad understanding of Information Technology, with a concentration on Information Security
• Strong understanding of Information Technology/Information Security domains and how solutions/applications are deployed and governed
• Familiarity with information security standards and frameworks including ISO 27002, NIST CSF, CIS Benchmarks, HIPAA, etc.
• Industry-specific certifications, such as Security+, CISSP, cloud technology certifications, etc.
• Strong cloud technology experience (AWS, GCP, Azure)

Qualifications: BA in Intelligence Studies with 5 years of experience

• Experience in administering IT security controls
• Experience with information security frameworks including NIST 800-53, NIST CSF, IS 27001, PCI-DSS and SOC standards
• Knowledge of technical infrastructure, networks, databases, and systems about IT Security and IT Risk
• Ability to provide support in resolving IT security or related product issues
• Knowledge of cloud security controls (Azure, AWS, Oracle) and (IaaS, PaaS, SaaS)
• Knowledge of firewalls, IPS/IDS, web filtering, anti-malware and web application firewall (perimeter and web application)
• Knowledge of TCP/OSI Model/IP protocols, network/packet analysis and intrusion detection/prevention
• Knowledge of Data Loss Prevention (DLP) solutions
• Knowledge of endpoint security and compliance solutions
• Experience working with a variety of security-related platforms and services, including SIEM systems, Threat Intelligence platforms, Security Orchestration, Automation and Response (SOAR) solutions, and other network and system monitoring tools
• Experience in troubleshooting security control-related technologies and solutions

Qualifications: BS in Data Science with 7 years of experience

• Practical experience implementing/assessing systems against the NIST Cybersecurity Framework or similar frameworks
• Experience of threat modelling applications, services and infrastructure
• Experience designing, developing and implementing enterprise security architecture and solutions through to operation
• Experience of defining the scope for penetration testers and interpreting findings into a pragmatic roadmap of control improvements, balanced with the risk
• Experience in interpreting and applying appropriate Standards, Policies, e.g., ISO27001, PCI DSS, and cybersecurity frameworks
• Experience with a wide variety of application technologies and testing tools
• Experience in application software planning, development and integration into proposed business solutions
• Experience implementing a comprehensive application testing methodology
• Hands-on development experience and working knowledge of web application languages and frameworks
• Experience in Information Security and Information Security Management Systems (ISMS)
• Knowledge of one or more of one or more cybersecurity technical domains, their architectures and related IS controls
• Knowledge of ICT security governance frameworks such as ITIL, ISO27001, PCI DSS, VAHTI or KATAKRI
• Proven track record of high-quality deliverables, organizing skills and working with clients

Qualifications: BA in Business Administration with 9 years of experience

• Information Security Architecture experience and any related designations such as Security+, CEH, CISSP, CISA or other relevant experience
• Experience in identifying security gaps in existing architectures
• Experience in designing security architectures to mitigate threats
• Demonstrated experience of excellent and value-driven skills in agile project management and planning and communication, easily making sense of the complex and what it is important
• Security Architecture experience across multiple industrie
• Previous experience in security services development and management for global, multinational companies
• Security architecture review board experience, secure coding and SSDLC implementation
• Secure design principles and security standard development experience
• Multi-platform experience in software development companies, supporting multiple independent areas of development
• Experience with leading and performing complex design architectures of cybersecurity solutions, big data, and networks
• Must have cross-functional technologies knowledge (Detection and response, Threat Management, Vulnerability Management, etc.)
• Excellent verbal and written communication skills, and be a collaborative team member

Qualifications: BA in Homeland Security with 6 years of experience

• Experience working in an information security role
• Understanding of principles in network technology, incident response, data loss prevention, security architecture, cloud security, virtualization, and information security policy
• Knowledge of penetration testing, Dynamic Application Security Testing (DAST), and Static Application Security Testing (SAST)
• Understanding of web application security risks such as SQL injection, XSS, CSRF and other risks covered in frameworks such as OWASP
• Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audiences
• Hands-on experience with information security tools such as vulnerability scanners, exploit frameworks, and web application testing tools
• Ability to learn technologies and platforms quickly
• Experience as a network, server, database, or application administrator
• Experience managing security infrastructure such as firewalls, IDS/IPS, SIEM and VPN
• Experience working with security vendors and developing recommendations based on evaluating products and analyzing functionality
• Excellent verbal and written communication, interpersonal, and customer service skills 
• Strong ability to interact professionally with a diverse group, including executives, managers, and subject matter experts
• Experience with writing security and IT-related documentation (e.g., white papers, procedures, technical specs, etc.), training peers, and presenting information to peers and leadership
• Ability to work independently and complete projects in coordination with other team members

Qualifications: BS in Information Systems with 8 years of experience

• Expert knowledge with modern metrics, monitoring, logging frameworks and SIEMs
• Expert knowledge in vulnerability scanning software
• Expert knowledge in IT risk management and security best practices
• Expert knowledge of enterprise relational database security
• Strong experience in Endpoint Protection Platforms (EPP), Endpoint Detection and Response (EDR) and Orchestration technologies
• Strong incident resolution experience
• Experience applying security operations technical principles, practices, and procedures
• Knowledge and understanding of diverse IT platforms and operating systems, including current and emerging technologies
• Excellent verbal, written, and interpersonal communication skills
• Ability to interact with all levels of an organization
• Experience influencing management on technical or business solutions
• Able to manage multiple complex tasks and bring activities to a close
• Experience in architecting security solutions for technology corporations
• Demonstrated experience establishing and maintaining effective working relationships

Qualifications: BS in Information Technology with 7 years of experience

• Prior experience with architecture processes, strategies and standards
• Familiar with performing IT consultative services
• Experience with demonstrated skills in translating business requirements to technical solutions
• Exposure to multiple, diverse technical integrations, technologies and processing environments
• Experience coordinating vendor solution delivery and partnering effectively with vendors to meet business needs
• Familiarity with security architecture processes, strategies and standards
• Knowledge of information security concepts- Data Loss Prevention, Intrusion Prevention, Threat and Vulnerability Management, and Identity and Access Management
• Extensive experience working in information security architecture or design roles
• Must have certifications such as CISSP, CCSP, TOGAF, and SABSA 
• Security design experience in at least one major cloud platform (Azure, GCP, AWS)
• Ability to communicate and build relationships outside the IT function and fosters a collaborative working relationship with various stakeholders
• Experience working in an Agile or Scrum environment

Qualifications: BA in Homeland Security with 6 years of experience

• Experience in Information Security
• Experience in systems administration, architecting, developing, designing complex systems, and networking
• Experience in Enterprise Architecture
• Experience with Windows, UNIX, Linux server operating systems, VMware, and Citrix
• Strong understanding of threat modelling and risk lifecycle
• Expert in ISO27001, both the ISMS itself and how to practically apply those standards across the business effectively
• Experience in security controls and managing information security risks within public cloud infrastructure/services - Microsoft Office 365 and Azure
• Proven experience working in an IT/Infosec role, within a high-growth technology-driven environment
• Experience of internal/external audits and due diligence (client and supplier) for both ISMS, corporate/external facing infrastructure and policy compliance
• Strong understanding of data security and GDPR
• Previous experience with tools such as Darktrace, CrowdStrike and Tenable
• Broad knowledge of IT systems, processes and the challenges of B2B environments

Qualifications: BS in Cryptography with 8 years of experience

• Understand business requirements from a network and security point of view
• Deep technical, analytical and troubleshooting skills and the ability to determine appropriate action
• Thorough understanding of the latest security principles, techniques, and protocols, patching and security updates
• Good understanding of Firewall/VPN/WAF/Security Architecture
• Experience in Information Security Architecture
• Experience with Firewall/VPN/Security Architecture
• Experience in cloud security setup and implementation of security controls
• Excellent verbal and written communication skills
• Ability to explain technical security concepts to non-technical colleagues at all levels of the organization
• Ability to work independently and support multiple stakeholders

Qualifications: BS in Risk Management with 5 years of experience

• Experience in information security systems architecture, controls design and implementation
• Strong subject matter expertise with industry standard information security authoritative sources, e.g., COBIT, ISO, NIST and associated architecture control and design methodologies
• Deep understanding of Information security for computing platforms
• Ability to deal with the ambiguity associated with working in a fast-paced and changing environment
• Demonstrated success with developing a risk-aware culture through partnership with peer technology teams and supported LOB(s)
• Proficient problem-solving skills using data analytics and risk quantification
• Demonstrated success in guiding and influencing sound risk and security remediation strategies aligned with core business objectives and risk appetite
• Strong leadership qualities and business acumen
• Able to deal with all levels of the organization
• Sound business judgment and decision-making skills
• Able to drive and influence organizational change
• Experience or knowledge in life insurance and/or financial services products and services
• Ability to translate information security and technical controls into Business terms that are easily understood
• Ability to read network and system architecture diagrams to determine risk and recommend actions
• Exposure to at least one common code language used by applications developed by the company
• Ability to solve intellectual problems of substantial variety and complexity using originality and ingenuity

Qualifications: BA in Business Administration with 9 years of experience

• Proven experience in architecting, developing, and designing complex systems and networking
• Deep understanding of Enterprise Architecture
• Hands-on experience with Windows, Unix, Linux, server operating systems, VMware and Citrix
• Prior experience in a healthcare/hospital environment
• Must have Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) and/or TOGAF qualification
• Must have CCSP or AWS Cloud Certifications 
• Excellent communication skills to prepare and present the solution/services to the customer
• Hands-on experience in managing Compliance (ISO 27001, ISO 9001, PDPA)
• Hands-on experience in any of the Public Clouds like AWS, Azure, GCP, etc.

Qualifications: BA in Psychology with 5 years of experience