Director of Cyber Security Architecture and Engineering Services

About The Position

Requirements

• Bachelor’s degree or higher in related discipline.
• Industry Certification required, e.g. CISSP, CISA, CISM or equivalent designation
• A minimum of 10 years of experience building and leading cybersecurity programs
• A minimum of 5 of years leading Security Architecture and Engineering Teams.
• Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. U.S. FinTech does not offer sponsorship for this position.
• Strong working knowledge of Cyber Security Architectural and Engineering principles supporting Cyber Defense, Compliance, Perimeter Security, Data Protection, Application Security, Operating System Security, Virtual Infrastructure, Storage Protection
• Working knowledge of physical security
• Experience adopting Zero Trust
• Strong working knowledge of DevSecOps
• Strong working knowledge of AWS and tools to support the Cloud
• Strong working knowledge of Private Cloud, Public Cloud, and/or Hybrid Cloud
• Self-starter; adaptable to change; motivated to set personal and program goals and proactively track performance against goals.
• Experience working with Risk, Security or Audit frameworks (i.e., COBIT, COSO, ISO 27001/2, NIST 800-53, NIST CSF, AICPA, BITS).
• Serve as subject matter expert for InfoSec and IT Security related topics with experience in technical control testing aligned to NIST 800-53, FISMA, and SOC.
• Possesses strong analytical skills capable of identifying, evaluating and mitigating significant risks within an enterprise.
• Strong working experience with Microsoft Office Suite and GRC tools.
• Ability to document and explain risks and vulnerabilities to both business and technical stakeholders.
• Ability to influence peers and management; ability to team cross-functionally and form relationships to achieve objectives.
• Strong oral and written communication skills and ability to work well with others and in a collaborative, complex and fast paced environment.

Nice To Haves

• Demonstrated experience using and managing Risk Management tools is desired.
• Secondary mortgage market or equivalent financial services experience is an advantage.

Responsibilities

• Lead the overall design of cyber security architecture, cyber security engineering and business architecture to ensure that the organization is compliant to cyber security policies both internally and externally.
• Contribute to the overall security vision and strategy.
• Improve operational efficiencies and reliability within U.S. FinTech’s Cyber Security tools ecosystem while continuing the teams to work in an increasingly cloud native environment as we are completely cloud based.
• Lead day-to-day management and execution of Cyber security architecture and engineering functions.
• Interface with IT professionals as well as leaders of the business to assess and manage cyber risk, share the security vision, and solicit involvement in achieving higher levels of enterprise security through information sharing and collaboration.
• Partner with leaders across the business to identify opportunities and risks and develop solutions that support U.S. FinTech, a SaaS company serving as the critical backbone of the US mortgage finance industry.
• Refine, design, and implement company-wide cyber security architecture and engineering in partnership with 2nd and 3rd lines of defense.
• Develop cyber security patterns to enable developers to design and build applications with appropriate security controls.
• Manage external assessment activities and synthesize information into senior level presentations.
• Serve as a subject matter expert to internal business, technology, and security teams. Proactively advise on a range of cyber risk management activities and information security industry best practices.
• Act as an ambassador and senior technical advisor for enterprise cyber security while engaging with other senior technical leaders throughout the organization.
• Develop and refine standards in partnership with Engineering, Infrastructure, Application Development, Data.
• Maintain vigilance about current threat vectors and expertise of the ecosystem of cloud security-related tools.
• Prototype new security tools and technologies based on organizational strategy and evolving threats while looking for opportunities to optimize, consolidate and manage out tools that no longer meet company needs.
• Engage in ongoing communication with peers in the Infrastructure and Application Support groups as well as the business group to ensure understanding of security goals, to solicit feedback and foster cooperation.
• Oversee deployment, integration, and initial configuration of all new cyber security solutions and enhancements to existing information security solutions in accordance with Information security policies, standards, and operational procedures.
• Lead initiatives designed to share knowledge across cyber security, technology, and business teams. Identifies, recommends, coordinates, and delivers timely knowledge to support teams regarding technologies, processes, or tools.
• Create and maintain a set of metrics to document and measure the performance and effectiveness of the Information Security program; responsible for communicating metrics to IT Leadership Team.

Benefits

• performance bonus
• 401k match
• healthcare coverage
• PTO