JM Family Enterprises, Inc. is one of the largest, most innovative and diversified companies in the automotive industry. JM Family has been on Fortune Magazine's Best Companies to Work For for 20 consecutive years. What started with Jim Moran's passion for selling cars continues today with the dedication and hard work of every JM Family associate. Our principal businesses focus on vehicle distribution and processing, finance and insurance, retail vehicle sales, and dealer technology services. At JM Family, our mission is to be the premier provider of quality products and services. We accomplish this mission by adhering to our core values, the three C's, the I and the A: Consideration, Cooperation, Communication, Innovation, and Accountability.
The Enterprise Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. This role is responsible for the overall security technology strategy, implementation approach, governance model and security standards necessary to support all of JM Family Enterprises. The Enterprise Security Architect works with various stakeholders within the business units, PMO, Technology Operations and Information Security to ensure that the security technology objectives and solutions are aligned to the business mission, strategy, goals, and processes.
The Enterprise Security Architect will establish, maintain, and communicate a technology vision within an Information Technology discipline. Participates in major technical decisions, develops technical proposals that consider alternatives and business cases, gains needed institution approvals, and works effectively across departmental organizations gaining consensus of stakeholders. Possess and maintains a strong working knowledge of multi-platform technical environments.
Responsibilities will include:
- Understands technology trends and the practical application of existing, new and emerging technologies to enable new and evolving business and operating models
- Establishes overall security architecture vision and ensures specific components are appropriately designed and leveraged
- Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Develop security strategy plans and roadmaps based on sound enterprise architecture practices
- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
- Participate in application and infrastructure projects to provide security-planning advice
- Draft security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the CISO
- Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)
- Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
- Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO
- Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
- Review network segmentation to ensure least privilege for network access
- Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team
- Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
- Coordinate with BU PMO and Physical Security teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems
- Liaise with other security architects and security practitioners to share best practices and insights
- Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs
- Maintains Enterprise level Security EA Principles and Patters
- Provides consulting support to IT teams within projects to ensure the project is aligned with overall enterprise security architecture
- Leads workshops, decision meetings, collaborative sessions, and executive briefings related to a wide range of Enterprise Security Architecture topics.
- Serves as a leader, consultant, mentor, or tutor in many specific technical architecture areas of expertise
- Provides key input to short and long-term department strategy and budget planning
- Communicates persuasively and effectively to business and technical audiences
- Required to translate complex security-related matters into business terms that are readily understood by colleagues.
- The enterprise security architect must interpret business, technology and threat drivers, and develop practical security roadmaps to deal with these drivers.
- The enterprise security architect should anticipate presenting analyses in person and in written formats.
- As part of the due diligence of security technologies, the enterprise security architect will be expected to evaluate the financial costs of recommended technologies
- Is able to envision the business potential of emerging technologies and products.
- Is current in understanding of both developer trends and emerging technologies
- Demonstrates an understanding of strategic issues, and is an authority on the systems development life-cycle and typical problems associated with the implementation of information systems, from initial concept through development and implementation to operation and support.
- Has sound knowledge of Agile/Lean development methodologies and Continuous Deployment Tools and Techniques. Can ensure that overall Enterprise Architecture Designs and Tool/Vendor selections facilitate and/or support these techniques
- Strong technical experience of developing architectures that enable a digital transformation within a business.
- Demonstrates understanding of key IT disciplines e.g., strategy, governance, software delivery, budgeting
- Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
- Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
- Verifiable experience reviewing application code for security vulnerabilities
- Direct, hands-on experience or a strong working knowledge of vulnerability management tools
- Direct experience designing IAM technologies and services
- Practical experience with Architecture service definition and governance including Innovation, IT Strategy, Portfolio Planning, Budget, Solution Architecture
- Demonstrates an awareness of internal and external dynamics, and an acute perception of the dimensions of business issues
- Expertise in Cloud Security architecture and implementations
- Conducts research and identifies, collects and analyzes information about markets, economies, technology trends and business operation issues to make informed decisions Experience with cloud data technology offerings from AWS or Azure.
Posting ID: 600722179Posted: 2021-03-03