Essential Functions:

• Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
• Develop security strategy plans and roadmaps based on sound enterprise architecture practices.
• Develop and maintain security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
• Develop guidance and recommendations for franchisees on PCI standards and compliance.
• Track developments and changes in the digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.
• Participate in application and infrastructure projects to provide security planning advice.
• Develop, implement and refined security procedures and standards.
• Conduct security assessments of internal systems, applications and IT infrastructure as part of the overall risk management practice of the organization.
• Conduct vulnerability assessments and other security reviews of systems, and plan and prioritize remediation.
• Conduct code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity or availability of the system.
• Direct internal and third-party technicians on information security, applications and infrastructure to produce optimal designs.
• Produce and maintain technical documentation of systems and architectures.
• Support vendor selection and analysis by evaluating third party security fit within the domain.
• Maintain professional and technical knowledge through appropriate training courses, selected reading, conferences and involvement with professional organizations.

Requirements:

• Bachelor’s degree in computer science, cybersecurity or related field
• Minimum of five years of relevant experience
• Experience in using security architecture methodologies
• Experience reviewing application code for security vulnerabilities
• Direct experience using vulnerability management tools
• Full-stack knowledge of IT infrastructure
• Experience designing IAM technologies and services (e.g., Active Directory, LDAP, Azure, IAM)
• Strong working knowledge of IT service management
• Working knowledge of: Payment Card Industry’s Data Security Standard (PCI-DSS), General Data Protection Regulation (GDPR), Privacy Principles (best practices), International Organization for Standardization (ISO) 27001/2, National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
• Strong verbal communication and writing skills
• Experience leading and mentoring individuals and groups
• Ability to concentrate on a wide range of loosely defined complex situations, which require application of creativity and originality, with limited guidance and counsel
• High level of organizational and project management skills to handle multiple concurrent assignments in a timely manner