Information Security Lead

Location: Oakville
Discipline: InfoSec & Cyber Security
Contact name: Rob Halick

Contact email: rob@staffit.ca
Job ref: 513
Published: about 2 years ago

The Security Specialist Lead acts to advance the evolution of security across all functions of the business. You combine a high level of technical, regulatory and operational knowledge to deliver secure solutions and foresee future control gaps as technology and industry evolve. You also provide strategic direction and explore research and development of innovative security solutions, architectures and strategy.

As a senior member of the team, the role requires a strong, positive ability to lead other team members through the strategy directed by senior management. In addition to technical skills, the Security Specialist Lead is process-oriented and results-oriented, and demonstrates effective problem-solving and communication skills. They will often serve as a subject matter expert for colleagues and line-of-business managers, and experience with multiple technologies, compliance requirements and risk analysis methodologies is crucial.

Here's how you'll contribute:

  • Develop and enforce the security strategy in areas of application, programs, and initiatives.

  • Support critical company initiatives and objectives by maintaining a consistently high level of security and privacy posture throughout.

  • Collaborate with Enterprise Architecture and Development teams to incorporate strategies and standards in all designs and solutions.

  • Improve efficiencies using automation and orchestration solutions to reduce manual work that can be done programmatically.

  • Remain current with new security threats and assess systems to ensure they can defend the business.

  • Responsible for ensuring frameworks and standards align with our directives and industry best practices while meeting business needs and SLA requirements.

  • Responsible for delivering security blueprints, specifications, models and guidelines to be used in development of technical solutions across the organization.

  • Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.

  • Maintain security posture through day-to-day activities in a manner consistent with our risk culture and risk comfort level.

  • Build and design automation to integrate Application Security into various CI/CD pipelines across the organization.


Here's what you'll bring:

  • Bachelor’s degree in Computer Science, Computer Engineering, Information Technology or related field

  • 6-10 years of experience in customer-facing positions as a technology leader/architect

  • Experience with Azure Cloud Architecture / Amazon Web Services (AWS)

  • CISSP, CCSP, CRISC, or a similar cloud certification is preferred

  • Software development in an agile environment with a focus on DevOps with CI/CD

  • Experience with automation tools such as Ansible, Chef, Puppet and Terraform

  • Experience implementing PaaS, preferably AKS

  • Deep understanding of log and monitoring management systems for security events, network-based and host-based intrusion detection, firewall, malware and threat intel.

  • Understanding of frameworks, standards and assessments such as ISO 27001, SOC 1, SOC 2, PCI, NIST.

  • Knowledge of encryption and encoding methods and standards.

  • Active involvement with practices emerging from OWASP, NIST, SANS

  • Understanding of Risk Management frameworks (COBIT, ISO, PCI DSS, etc.)

  • Excellent communication skills with the ability to present solutions and complex technical aspects to audiences at a variety of levels

  • Collaborative attitude with willingness to work with team members and able to coach, participate in code reviews, and share skills and methods.