Information Security Architect

Information Security Architect

What you will do

Johnson Controls is looking for an Information Security Architect. The role is part of the Global team, reporting into the Chief Security Architect. Our new colleague will partner closely with technology (Cybersecurity, IT) and business teams to generate new security architectures, technical standards, controls, and processes which protect Johnson Controls systems and data. As part of Security Posture Assessment, the individual will ensure compliance with established architecture direction and standards is followed during deployment. Works with Service Management and Stakeholders to collect functional requirements and ensure the most effective solution is used.

How you will do it

The responsibilities of the Information Security Architect include, but are not limited to:

• Design and follow-up on the implementation of security reference architectures across the enterprise and in Global Information Security
• Review system security measures and security processes and recommend enhancements. Ensure that controls, current designs and processes are adequate to protect the sensitive information systems
• Produce high-quality security architecture specifications, white papers, technical documentation, roadmaps and presentation materials
• Provide technical input into security related standards, technology roadmaps, support requirements and management infrastructure designs
• Make recommendations for improvements in network, identity and access & identity management and infrastructure based on current industry standards
• Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
• Follow the Security Posture Assessment process, which involves research, validation, and evaluation of all new initiatives, with phase gates reviews presented to all stakeholders during the process
  • Design Approval. Approve the finished design, ensuring it follows company policies and procedures
  • Build approval. Validate that the project has implemented a system that conforms to company policies and procedures.
• Provide team support with validating security controls
• Identifies relevant risks for third party solutions that are assessed
• Acts as an internal consultant to business units and Infrastructure IT
• Provides management with accurate and complete status information

What we look for

Required

 The successful candidate will be a passionate information security professional with the ability to communicate to different business and Project managers. The candidate will be able to execute the Information Security architecture management strategy defined by leaders. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven team leader and security strategist. 

• A minimum bachelor’s degree in computer engineering, computer security or computer science discipline or equivalent experience
• 7-10 years of information security related experience working with teams in security operations, incident analysis, developing applications, and security applications. 
• Experience using security architecture frameworks (SABSA, TOGAF etc.) and tools (Archi, Visio) to create and manage designs
• Advanced understanding of tools and techniques used by attackers to gain entry into corporate networks, including common IT system flaws and vulnerabilities
• Demonstrated knowledge on threat landscapes and threat modelling, security threat and vulnerability management, and security monitoring
• Broad technical experience in several security disciplines including endpoint and platform (Unix/Linux/Windows, mobile) controls, encryption/tokenization, identity and access management, PKI, data protection, Cloud Security (AWS, GCP, Azure), network security (web proxies, reverse proxies, load balancing, IDS/IPS, firewall, wireless, and remote connectivity) and security tooling integration in complex environments
• Knowledge of network security architecture, understanding of the TCP/IP protocol, and remote access security techniques/products.
• Expert ability to analyze and identify risks in network and system designs and communicate with key stakeholders to address the risk and drive a solution
• Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences 
• Candidate must be able to react quickly, decisively, and deliberately in high stress situations 
• Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a global team setting
• Ability to create and maintain good business relationships with counter parts, customers, and external entities to achieve the security operations management goals
• Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
• Familiarity of regulatory compliance requirements (PCI-DSS, HIPAA, FISMA, SOX)
• Familiarity in National Institute of Standards and Technology (NIST) as they apply to FISMA 

 Desired Certifications (but not required): 

• Certified Information Systems Security Professional (CISSP) 
• Certified Information Systems Security Professional - Information Systems Security Architecture Professional (CISSP-ISSAP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Ethical Hacker (CEH)
• Cisco Certified Network Associate Security (CCNA Security)
• Cisco Certified Network Associate (CCNA)
• Cisco Certified Network Professional Security (CCNP Security)
• Cisco Certified Network Professional (CCNP)
• Server Platform Certifications (Microsoft, Linux)

Experience Level

Senior Level