Information Security Strategy Architect develops and deliver solutions that protect enterprise systems, applications and data by establishing strategies, policies and practices that prevent unauthorized access, use, disclosure, modification or disruption. The positiondevelops and delivers solutions for evaluating and mitigating enterprise IT security risks, establishing security policies and practices, implementing controls, and educating stakeholders. Applies industry security standards, best practices in infrastructure and application security, and threat assessment frameworks such as MITRE ATT&CK and Microsoft STRIDE to develop and communicate enterprise information security strategies. The position also closely follows the strategic business directionset by senior Huntington management when establishing information security strategies and roadmaps.
Ideal candidates should be experienced information security consultants with demonstrated experience advising on security strategy at the Chief Information Security Officer (CISO) level and above. Should possess a proven record of management experience, security thought leadership and be recognized for business acumen. It is preferred that the candidate have experience assessing gaps against multiple standards and frameworks including Payment Card Industry Data Security Standard (PCI-DSS), FFIEC, NIST, GLBA, HIPAA, etc. and have experience in formulating security roadmaps to bridge identified gaps. Candidates must be a self-starter, demonstrate communication skills, and exhibit professional business demeanor at all times.
* Lead workshops in order to understand organizational cybersecurity problems, expected outcomes, and formulate strategic direction to help address in the short, mid and long term * Partner with other information security leadership team members to collectively build and drive information security programs, strategies, and roadmaps * Working directly with business and technology organizations to design and implement security strategies and architectures across platforms and for a variety of security solutions * Working with information security control domain leads and various partners to evaluate investments, staffing, target solutions, and cost of owner expectations * Building business cases that include financial and risk reduction projections to articulate the mission and anticipated goals of a particular security strategy * Performing security program assessments, documenting gaps, requirements analysis, and creating strategic implementation roadmaps * Ability to understand business direction and create optimized security organizations and architectures to meet needs * Ability to show return on investment for security and technology investments * Ability to translate technical requirements into business terms for executive stakeholders * Enhances security team accomplishments and competence by answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
* Bachelor's degree * Minimum 5 years of experience in information technology engineering or operations which includes 3 years of information security experience and 1 year compliance experience (FFIEC, PCI DSS, SOX, CobiT, HIPAA, or GLBA), Security consulting experience, or Architecture experience
* Minimum of 1 years of management experience * Strongly prefer industry-adopted security certifications (e.g. CISSP, CISA, CISM, CRISC, CEH) * Experience with information security governance, data security and information privacy responsibility along with one or more of the following: security services, managed detection and response, cloud security strategy, system integration, SSDLC, vulnerability management, application security or secure DevOps * Risk management framework experience (e.g. NIST 800-30) * MBA * Experience with project management * Eagerness to contribute in a team-oriented environment * Ability to work creatively and analytically in a problem-solving environment * Desire to work in a dynamic and fast paced information systems environment * Excellent communication (written and oral) and interpersonal skills * Comfortable with senior management (C-Level) interactions * Demonstrated leadership, teamwork and collaboration in a professional setting
We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact us at ...@Huntington.com.