The Principal Cloud Security Architect is responsible for developing and leading the secure cloud computing strategy for Irvine Company. This includes working with Infrastructure and Development groups to understand their Cloud Platform adoption plans, hosted application designs, and cloud management and monitoring methods.
Requirements
- Bachelor's degree in computer science, engineering or related field.
- 15+ years in information risk management and information security technology, including 5+ years in security architecture and 5+ years in a cloud environment.
- Strong written and verbal communications skills with the ability to create and present technical recommendations to executive management as well as influence and persuade peers and others.
- Deep understanding of cloud concepts and architectures with a focus for how security controls are applied to cloud-based technologies.
- Experience managing cloud projects.
- Deep understanding and implementation of industry-leading practices for cloud security risks using frameworks and standards such as CIS Benchmarks, Cloud Security Alliance, NIST SP 800-144, 800-145, 800-291, and 800-322.
- Experience advising business and technical leadership on cloud architecture and design concepts based on compliance and regulatory standards (e.g., PII, PCI-DSS, PHI, GDPR, HIPAA).
- Demonstrated experience in designing security architectures to mitigate threats including Zero Trust, cloud environments, applications, network infrastructure and data integration/management.
- Experience in identifying gaps in existing architectures.
- Demonstrated experience in architecting and implementing large complex security solutions and programs (i.e. SOC, Identity Management, SSDLC, DLP).
- Experience in architecting security for cloud environments (IaaS, PaaS, SaaS) as well as leveraging cloud based security solutions.
- Hands on experience with leading strategic security technology solutions to enable business flexibility including SD-WAN, Wireless networks and IoT.
- Experience managing multiple projects of diverse scope and effectively collaborating in a cross-functional team environment.
- Demonstrated knowledge on how business enabling technology (e.g. IoT, A.I.) increases the threat landscape, while understanding how to apply technology and process to mitigate cyber risk.
- Knowledge of risk management processes and experience in conducting risk assessments.
- Demonstrated ability to develop and implement the overall cybersecurity architecture in alignment with the risk posture of the organization.
- Ability to automate common tasks in programming/scripting language and strong knowledge of application programming interface (API) interaction methods.
- Experience being a part of a highly technical team, including Incident Response, Security Engineering, or Forensics teams.
- Experience as an engineer in incident response efforts. This should include hands on experience completing tasks such as malware detection and analysis, memory analysis, and disk forensics.
- Certifications: IT security certifications (CISSP, CISM, GIAC, CEH, GCIH, GCFE, GXPN, CISSP-ISSAP, SABSA or similar) preferred.
Benefits
- Paid time off
- Matching 401(k)
- Health benefits
