Manager, Security Architecture

---

Job description

Job Description:
The Manager, Security Architecture leads a team of Security Architects and Application Security Engineers who own the Security By Design program at Flexential. This program includes designing and implementing secure, scalable, and resilient information security architectures and applications throughout Flexential.
This leader works cross-functionally to build, develop, and maintain relationships with internal and external clients as well as vendors to integrate security measures throughout the product and system lifecycle, conduct threat modeling, and perform regular architecture reviews. This role will drive the establishment and enforcement of information security best practices.
Key Responsibilities and Essential Job Functions:

• Own and mature the Security by Design program to ensure Flexential products and systems are designed and implemented securely.
• Contribute to and lead the team that identifies security risks/gaps and the creation of security architecture requirements and mitigation strategies.
• Own implementing and maturing security best practices into the Secure Software Development Lifecycle (SSDLC).
• Establish operational foundations, defining metrics and KPIs to drive governance, quality, and efficiency. Influence and improve existing processes through innovation and operational change.
• Maintain awareness of trends and requirements of security regulatory, technology, and operational landscapes, including regulatory frameworks such as PCI-DSS, ISO 27001, and NIST Cyber Security Framework.
• Develops and maintains security procedures and standards to be reviewed and approved by executive management.
• Develops and maintains baseline security configuration standards for operating systems, network segmentation and identity and access management.
• Anticipates new security threats and stays up to date with evolving security controls to inform the Information Security team's continuous improvement efforts.
• Performs and overseas validation and review of platform, delivery, architecture designs and security implementations from DevOps to production.
• Ensure security architecture strategy aligns and supports the Flexential Information Security program.
• Works with other teams to develop or enhance processes, provide cross-training, assist with security stature, and build relationships.

Required Qualifications:

• 5 years of experience in IT security and compliance, with IT or service provider experience.
• Full stack knowledge of IT Infrastructure including but not limited to applications, databases, operating systems, IP networking, virtualization, backup networks and media, and microservices.
• Strong familiarity with information security and compliance engineering and operations practices.
• Proficiency with security configurations and standards at all layers of the OSI model.
• Advanced knowledge and experience working with public cloud security including GCP, Azure, and AWS.
• Experience implementing MDM, IAM, and deep understanding of encryption and cryptography.
• Ability to quickly assimilate new technologies, tools, internal/external systems and design frameworks.
• Ability to break down advanced security concepts into simple to understand business terms.
• Experience presenting to customers and executives with confidence to support the positioning of our security controls and programs.
• Ability to influence and mature business and engineering areas within all information security domains.
• Experience mentoring and coaching for internal and external team members to promote a culture of security throughout the business.

Preferred Qualifications:

• Security certifications such as CISSP, CSSLP, OSCP, GDSA.
• Experience with Kubernetes and micro-services architecture.
• In depth knowledge and experience with industry compliance standards and frameworks such as PCI-DSS, HITRUST, NIST, ISO, ITIL, and SOC1/2.
• Formal Security Architecture or Architecture Review Board experience and frameworks usage.
• Experience with secure CI/CD pipeline design and architecture, automation, and secure code gating.
• Experience with Information Security program assessment and maturity modeling (NIST CSF, SWOT Analysis, etc).

Physical Requirements:

• Ability to sit for extended periods of time
• Moderate or advanced keyboard usage
• Limited travel may be required

Not meeting every single requirement? No problem! We are looking for candidates who possess unique skills that set them apart from the rest. If you're enthusiastic about this role and believe you have the skills and abilities that would make you successful, don't hesitate to apply today!

This position has the following safety hazards:

Chemical
Electrical
Ergonomics
Climb ladders
Mechanical lift
Noise
Temperature Extremes
Trip/Fall
Driving (must possess valid driver's license and insurance)
Other: _

Benefits of working at Flexential:

• Medical, Telehealth, Dental and Vision
• 401(k)
• Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA)
• Life and AD&D
• Short Term and Long-Term disability
• Flex Time Off (PTO)
• Leave of Absence
• Employee Assistance Program
• Wellness Program
• Rewards and Recognition Program

Benefits are subject to change at the Company's discretion.

Base Pay Range: Annualized salary range offered for this position is estimated to be $122,800 - $140,000. However, the actual pay range depends on each candidate's experience, location, and qualifications.

Variable Pay: Discretionary annual bonus, based on personal and company performance.

EEO Statement: Flexential is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

<!– job description page –>