About the position
Culture Amp is seeking a Security Architecture & Solutions Planning Lead to establish a guiding security vision and support the development of innovative software solutions. This role involves creating security best practices, guiding teams in evolving their existing solutions, and making decisions based on leading practices and industry standards. The successful candidate will foster collaboration, education, and support across different areas of the business, align with enterprise architecture and engineering teams, and actively manage relationships with stakeholders. They should have strong domain expertise in cloud infrastructure, familiarity with compliance and security standards, and experience with security frameworks and accreditations.
Responsibilities
- Establish and lead a Security Architecture Practice
- Develop and maintain the organizational cyber security strategy, roadmap, and reference architecture
- Align with the Enterprise Architecture and Engineering team(s) on security standards, principles, and practices
- Support the development of security policies, processes, application reference models, guidelines, and artifacts
- Develop security tooling strategies for cyber security services in support of the security reference architecture
- Create a reusable and repeatable approach to conduct security reviews of SaaS and other technologies
- Guide and streamline architectural best practices for Culture Amp
- Define a process for informing and handing over security gaps, issues, concerns, or findings to key stakeholders
- Share expertise to help guide campers on embedding cyber security controls into their solutions and projects
- Promote security and engage across Product, Engineering, and the business to ensure security is considered as a default requirement
- Cultivate and manage effective working relationships with Campers at all levels
- Report and provide feedback to the VP of Security & Risk on key learnings across the business
- Strong domain expertise of cloud infrastructure compute, network, and storage
- Familiarity with compliance and security standards across the enterprise IT landscape
- Experience working with cloud security and governance tools and cloud access security brokers
- Strong technical understanding of controls associated with web applications and infrastructure
- Capable of building security reference architecture for all-in cloud deployment scenarios
- Familiarity with enterprise security solutions such as WAF, IPS, Anti-DDOS, DLP, EDR, and SIEM
- Understanding of enterprise risk management methods and techniques in a globally distributed environment
- Growth mindset and passion for learning and using new/emerging technologies
- Ability to work independently and collaboratively on cross-functional teams
- Documenting/diagramming skills
Requirements
- Strong domain expertise of cloud infrastructure compute, network, and storage as well as the cloud control plane familiarity with compliance & security standards across the enterprise IT landscape
- Experience working with cloud security and governance tools and cloud access security brokers (CASBs)
- Strong technical understanding of controls associated with web applications and associated infrastructure
- Capable of building security reference architecture for all-in cloud deployment scenarios
- Familiarity with enterprise security solutions such as WAF, IPS, Anti-DDOS, DLP, EDR, and SIEM
- Strong compliance & security standards across the enterprise IT landscape
- Experience with various security frameworks and accreditations like ISO 27,000, NIST, Mitre, CSA, and SOC2
- Understanding of enterprise risk management methods and techniques to drive successful outcomes in a globally distributed environment
- Growth mindset who is passionate to learn and use new/emerging technologies
- Must work well independently and with others as part of a larger team and be able to collaborate on cross-functional teams
- Documenting/diagramming skills (e.g. for document)
Benefits
- MacBooks provided for work
- Share options available
- Excellent parental leave and support program
- Flexible working schedule
- Fun and inclusive digital and in-person events
- Opportunity to make a difference in people's lives