Returning Candidate?

Security Architect

Security Architect

Location 
US-CA-San Francisco
Job ID 
33625

More information about this job

Summary

The Sr Principal Security Architect develops and maintains an information security strategy for Esurance, ensures the strategy is in line with industry best practices, and ensures information security is prioritized across the company for all applications and processes. The Sr Principal Security Architect develops relationships with internal and external experts in the field of Information Security.

Responsibilities

  • Develops and drives implementation of the Information Security strategy.
  • Defines Information Security project roadmap and assists in security project prioritization.
  • Functions as the lead internal security expert, and provides cross functional view of security for all teams.
  • Ensures information security is addressed as a business issue across the company and provides overall coordination and management of all security activities within the company.
  • Develops and maintains relationships with business partner and external organizations to understand their business requirements and offer security solutions.
  • Develops and maintains relationships with other industry experts, and participates in public security forums.
  • Develops and implements a framework for security processes, roles, and responsibilities throughout the organization.
  • Participates in the system development cycle to ensure that security issues are taken into account and addressed early.
  • Leads information security training strategy for employees, contractors, partners, and other third parties as appropriate.
  • Monitors compliance with the organization's information security policies and procedures among employees, contractors, partners, and other third parties; resolves potential issues as needed.
  • Performs information security risk assessments.
  • Serves as a resource cross-functionally to share security insights and best practices with teams across the company.
  • Monitors changes in legislation and accreditation standards that affect the Information Security program.
  • Mentors and guides the work of technical security staff.

Qualifications

  • Expert in the principles and techniques of security risk analysis and demonstrated understanding of the management issues involved in implementing security processes and a security-aware culture in a corporate environment
  • Participates in Information Security public forums and contributes to industry best practices.
  • Hands on experience with broad range of information security technology (network, infrastructure, end-point, monitoring, vulnerability management, and application).
  • Excellent communications (verbal and written), change management skills and ability to operate effectively in a fast-paced environment
  • Experience with M&A and track record of rapidly integrating acquired businesses in a secure manner
  • Knowledge of security regulatory requirements for insurance industry as well as PCI DSS
  • Knowledge of SEI's CMMI (http:
    //www.sei.cmu.edu/cmmi/) model for secure software development
  • Proven ability to effectively lead and meet business objectives in a highly global, collaborative and high performance work environment
  • Ability to influence others where there is no direct authority.
  • Background and style that elicits respect in the organization through management style, technical depth, customer service and results.
  • Strong business/relevant industry acumen with the ability to quickly articulate alternative methods to secure business that does not overly constrain the ability to be competitive in a rapidly changing business climate
  • Hands on leadership style and ability to balance the need to expand business into new markets and ensure appropriate security controls are in place.
  • Ability to ?roll up sleeves? and perform wide variety of information security tasks.
  • Excellent leadership skills and ability to lead organization through rapid change.

    Experience / Education:

  • BS degree in computer science, engineering or related field required, MBA desirable
  • Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM)
  • Minimum 11 years experience implementing security solutions and processes
  • Minimum 11 years experience with Network Security technologies
  • 3+ years previous management role in information security organization


Connect With Us!

Not ready to apply quite yet? Connect with us to get job updates based on your interests.