The Information Security Architect will work with key members of Information Technology and other Business Units to ensure that Information Security is fully integrated into BMC' s enterprise technology architecture.
Operations support includes the creation of formal documentation, technical assessments, and providing recommendations for security improvements. This role will require the individual to multitask and serve as a technical point-of-contact supporting the Enterprise Architecture function. The role requires on-call rotation and occasional off hours support.
Reviews technical designs to ensure that they are consistent with defined architecture principles, standards and best practices (including security and compliance).
Address documentation gaps in the enterprise through the development of inventory, diagrams, blueprints, and other documentation.
Review ongoing designs of major programs to identify strategic opportunities and security/compliance issues.
Ensure projects align with strategic capabilities & technology standards.
Partner with various stakeholders, including application development teams, PMO, and security operations to drive the Secure SDLC strategy.
Provide technology governance by conducting architectural assessments or leading design tasks.
Define and promote processes, policies, standards and procedures to assure compliance with corporate and regulatory policies.
Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks.
Work directly with project development teams to enable successful project implementation applying the recommended security tools, technologies, and techniques.
Advise application and infrastructure project teams on information security planning, policy, and architecture and provide high-level security requirements to projects.
Document storage and transmission of sensitive information and provide architecture and requirements to ensure that this data is secured in accordance with Benjamin Moore policies, best practices, and regulations.
Work with the Resiliency team to ensure that disaster recovery and business continuity plans include security considerations.
Participate in strategic analysis and collaboration efforts related to implementation of strategy and solutions (i.e., cloud/infrastructure strategy, enterprise system replacement, etc.
Participate in product selection, vendor evaluations, and implementations of security technologies.
5-7 years of experience in technical roles such as an Architect, Systems Engineer or Infrastructure/Security Analyst.
Strong knowledge of data management concepts and architectures.
Experience designing, integrating, and managing complex technology solutions.
Knowledge of web related technologies (web applications, web services, and service oriented architectures) and of network/web related protocols.
Strong understanding of Software Development Life Cycle.
Basic experience with server operating systems including Microsoft Windows, Red Hat Enterprise Linux, etc.
Understanding of Database Systems including MS SQL, MySQL, Oracle, etc.
Experience with firewalls, NAC, PKI, identity and access management, IPS, Web Proxies, vulnerability management, file integrity monitoring, endpoint security platforms (AV, encryption, DLP, etc.)
Understanding of Privacy regulations, PCI compliance, and IT SOX regulatory requirements.
Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, COBIT, NIST CSF)
Ability to create rich diagrams and visual presentations in support of project delivery and strategy work
Non-Technical Skills: Excellent teamwork skills; written and oral communication skills. Excellent formal documentation skills
Industry security and systems certifications preferred (CISSP, CEH, GCIH, RHCSA/RHCE, MCSE, CCNA, etc.)
ITIL Certified and or able to obtain ITIL Foundations Certifications within the next 3 months