Sr. Director/Director – Cyber Security Architect

Offer by FICO




About this job

Job type: Full-time
Role: System Administrator


security, cloud, amazon-web-services

Job description

Sr. Director/Dir Security Architect - Preferred Location: San Jose (CA), Austin (TX), San Diego (CA). Secondary: Roseville (MN)

Job Description Summary

The Sr. Director Security Architect will be responsible for architecture and security technology evaluations/recommendations to the business specifically focused on application development and cloud technologies. He will work in conjunction with lead architects, Operational teams and VP R&D to evaluate, plan and develop enterprise security technology and security architecture strategy.

He will be responsible for helping to define guidelines, best practices, writing policy/standards and driving adoption of new application and cloud architectural designs. This candidate will deliver cloud architectural guidance and conduct regular security consultancies for the business. The candidate will also regularly collaborate with the business and the wider security organization to address cloud security and compliance challenges and engage in a wide variety of cloud security-related projects and initiatives.

What You'll Contribute

  • Manage the Application Security Cyber Team to develop and drive programmatic efforts to address external, internal, and emerging application security risks throughout the organization. Develop key partnerships with executive leadership and their staff to facilitate positive change.

  • In a primarily Agile and DevOps environment, develop and deliver application security strategy, including but not limited to the operating model, staffing and execution plans as needed.

  • Working with the application teams, ensure that application security risks are effectively identified and appropriately addressed while maintaining a balance between security & usability.

  • Be an application security evangelist who can translate security concepts into language that is meaningful to varying audiences, including business and technical leaders. Integrate new and existing security tools, standards, and processes into the development life cycle, including static analysis and runtime testing tools.

  • Produce metrics reporting the state of application security programs and performance of development teams against requirements.

  • Working with key stakeholders and team members, assess the current application security environment against regulatory and industry requirements, to identify areas of noncompliance/gaps to be remediated for all application security requirements, including PCI-DSS, GDPR and other state regs/industry standards.

  • Conducts business level security architecture assessments to evaluate existing security program and cloud application architecture, identify weaknesses and make recommendations.

  • Assess security threats and risks in order to define and implement appropriate architectural security.

  • Develops security architecture standards, frameworks and design patterns spanning all layers of security from host, server, mobile, and network to application and data security.

  • Architects, designs, prioritizes, coordinates, and communicates the security technologies necessary to ensure a highly secure yet usable computing environment.

  • Contributes to the development and implementation of security technology solutions such as firewalls, load balancers, encryption technologies, WAF, Jenkins, Fortify, Checkmarx, AD, LDAP, Splunk, and secure use of common public cloud offerings such as AWS, GCP, and Azure.

  • Analyzes business impact and exposure based on emerging security threats, vulnerabilities and risks, and recommends technologies and solutions to mitigate them.

  • Stays current with security technologies such as cloud platform security, dev-ops security, identity and access products, endpoint security products, network security technology and mobile security technologies and makes recommendations for users based on business value.

  • Develops security architecture plans that align to enterprise architecture strategy and the company’s business strategy.

What We're Seeking

  • 7 or more years of relevant work experience.

  • Experience in R&D leadership, IT security architecture, compliance and risk management.

  • 3+ years of experience with standard Cloud technologies.

  • 5+ years of experience with security including architecture or security management, user, platform and device authentication, and various levels of access controls and authorization, enterprise directories and their integration with other systems in a large, complex environment.

  • Expertise in application development and dev-ops security technologies and integration such as code scanning, FOSS, vulnerability analysis, and security for automated deployments.

  • Demonstrated knowledge of infrastructure security, including Windows, Unix/Linux, desktop/laptop, and mobile security, as well as knowledge of cryptography and PKI.

  • Demonstrated effectiveness working across multiple business units to achieve results.

  • Demonstrated ability to think strategically about business, product, and technical challenges.

  • Experience with a wide range of IT system components including architecture, authentication, connectivity, system hardware and software components, virtualization, cloud computing, and mobile.

  • Ability to manage relationships with other business units, external vendors and stakeholders when IT security risks are present and system or process changes must be made to mitigate risk.

  • Working knowledge of IT process modeling to determine risk to corporate systems.

  • Working knowledge of application security, including Web Services and SOA, as well as Agile and DevOps, Mobile security and mobile development.

  • Proven understanding of security for structured databases and unstructured data, such as access controls, encryption, monitoring and others.

  • Experience with enterprise class security products such as Identity Management and Single Sign On.

  • Experience with the transformation of traditional data center security measures into industry-adopted cloud technologies like Amazon Web Services, GCP, Azure, etc.

  • Proven ability to work with compliance frameworks and requirements such as PCI, HIPAA, GDPR, SOX etc.

  • Demonstrated knowledge of the threat landscape, security threat and vulnerability management, and security monitoring and analytics.

Even better if you have:

  • CISSP, CISM, GSEC or AWS Certified Architect.

Our Offer to You

  • A culture and work environment strongly reflecting our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others.

  • The opportunity to make a difference by leveraging your unique strengths.

  • Ability to learn and enhance your skills in and outside of the cyber domain.

  • Highly competitive compensation and rewards.

  • Flexible work options, opportunities to give back to your community, social events with colleagues and a comprehensive benefits program inclusive of progressive parental leave.
