Security Technology Risks & Architecture Assoc Manager
New Cairo, EGYPT IT development
Job description
Overview
The Security Risk Lead role is unique to the International Business Information Security Office organization and is responsible for information security risk and technical security analysis within the sector.
Responsibilities
· Assist Attack Surface Management and Global Digital Connections teams when working with third parties locally on website/mobile security remediation
· Escalate and provide appropriate, informed recommendations on security gaps/opportunities within the region to Sector BISO
· Engage with key stakeholders to ensure that processes and initiatives operate within the documented security org framework, monitor security policy/standards compliance, and ensure that Information Security strategy is understood and communicated
· Identify Stakeholder resistance and barriers and tighten the cohesion between business and Information Security
· Acts as the technical subject matter expert on all security initiatives, leverages existing global security technology and products to solve problems, and assists the global project teams with testing, deployment, and execution of new initiatives (e.g. pilots, POCs, other) within the sector
· Works with all members of the Information Security sector and global functions organization to understand the security impact of complex technical issues (i.e., vulnerability remediation, incident response, new project/program capabilities)
· Analysis and research into sector security operational metrics to understand causality and differentiating factors in consultation with InfoSec, SDMs, and Operations to drive strategy and approach to the prioritization and mitigation of risk
· Interface with the BRM organization and the InfoSec Engineering Solutions Architects to deliver secure business solutions.
· Support model design and drafting of documentation/runbooks for new security services in collaboration with (for example) Security Solutions, Engineering and Architecture teams
· Develop and implement strategies for engaging business functions on information security technical matters and gain buy-in
· Build technical FAQs and other communications resources on Information Security programs, initiatives, capabilities and risk in consultation/collaboration with SMEs and functional capability owners
· Support of vulnerability mitigation and remediation plan development
· Act as trusted advisor in the exception risk management process to include articulating risk and vulnerability information, determining mitigating controls, and assisting in remediation plan development
· Participates in educating business functions on Information Security services and processes
· Participates in and provides guidance specific to the Incident After Action Engagement Program and post-incident activities
· Provide feedback on security requirements during planning cycles
· Collaborate with and support OT and Third Party Security Risk Management team on assessments, issues, and remediation
Qualifications
· 8-10 years as IT Security Architect/Engineer or similar experience
· Experience with security architecture, application risk analysis, vulnerability management, data classification, CIS Top 20 Critical Controls
· CISM, CISSP, GIAC certifications preferred
· Well versed in NIST Cybersecurity Framework
· Well versed in Agile development methodology and DevSecOps framework
· Written/spoken English proficiency required
· Strong interpersonal and oral communication skills
· Ability to translate highly technical information into plain language
· High level of analytical and problem-solving abilities.
· Highly self-motivated and directed.
· Strong organizational skills.
· Excellent attention to detail.
· Experience working in a team-oriented, collaborative environment.
· Ability to manage multiple priorities and work across multiple organizations and teams