Information Security Architect

What you will doJohnson Controls is looking for an Information Security Architect. The role is part of the Global team, reporting into the Chief Security Architect. Our new colleague will partner closely with technology (Cybersecurity, IT) and business teams to generate new security architectures, technical standards, controls, and processes which protect Johnson Controls systems and data. As part of Security Posture Assessment, the individual will ensure compliance with established architecture direction and standards is followed during deployment. Works with Service Management and Stakeholders to collect functional requirements and ensure the most effective solution is used.How you will do itThe responsibilities of the Information Security Architect include, but are not limited to:Design and follow-up on the implementation of security reference architectures across the enterprise and in Global Information SecurityReview system security measures and security processes and recommend enhancements. Ensure that controls, current designs and processes are adequate to protect the sensitive information systemsProduce high-quality security architecture specifications, white papers, technical documentation, roadmaps and presentation materialsProvide technical input into security related standards, technology roadmaps, support requirements and management infrastructure designsMake recommendations for improvements in network, identity and access & identity management and infrastructure based on current industry standardsStay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacksFollow the Security Posture Assessment process, which involves research, validation, and evaluation of all new initiatives, with phase gates reviews presented to all stakeholders during the processDesign Approval. Approve the finished design, ensuring it follows company policies and proceduresBuild approval. Validate that the project has implemented a system that conforms to company policies and procedures.Provide team support with validating security controlsIdentifies relevant risks for third party solutions that are assessedActs as an internal consultant to business units and Infrastructure ITProvides management with accurate and complete status informationWhat we look for The successful candidate will be a passionate information security professional with the ability to communicate to different business and Project managers. The candidate will be able to execute the Information Security architecture management strategy defined by leaders. The candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven team leader and security strategist. RequiredA minimum bachelor’s degree in computer engineering, computer security or computer science discipline or equivalent experience3-5 years of information security related experience working with teams in security operations, incident analysis, developing applications, and security applications. Advanced understanding of tools and techniques used by attackers to gain entry into corporate networks, including common IT system flaws and vulnerabilitiesDemonstrated knowledge on threat landscapes and threat modelling, security threat and vulnerability management, and security monitoringBroad technical experience in several security disciplines including endpoint and platform (Unix/Linux/Windows, mobile) controls, encryption/tokenization, identity and access management, PKI, data protection, Cloud Security (AWS, GCP, Azure), network security (web proxies, reverse proxies, load balancing, IDS/IPS, firewall, wireless, and remote connectivity) and security tooling integration in complex environmentsKnowledge of network security architecture, understanding of the TCP/IP protocol, and remote access security techniques/products.Expert ability to analyse and identify risks in network and system designs and communicate with key stakeholders to address the risk and drive a solutionDemonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences Candidate must be able to react quickly, decisively, and deliberately in high stress situations Highly motivated individual with the ability to self-start, prioritize, multi-task and work in a global team settingAbility to create and maintain good business relationships with counter parts, customers, and external entities to achieve the security operations management goalsAbility to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential mattersFamiliarity of regulatory compliance requirements (PCI-DSS, HIPAA, FISMA, SOX)Familiarity in National Institute of Standards and Technology (NIST) as they apply to FISMA  Desired Certifications (but not required): Certified Information Systems Security Professional (CISSP)Certified Cloud Security Professional (CCSP)Certified Information Systems Security Professional - Information Systems Security Architecture Professional (CISSP-ISSAP)Certified Information Security Manager (CISM)Certified Information Systems Auditor (CISA)Certified Ethical Hacker (CEH)Cisco Certified Network Associate Security (CCNA Security)Cisco Certified Network Associate (CCNA)Cisco Certified Network Professional Security (CCNP Security)Cisco Certified Network Professional (CCNP)Server Platform Certifications (Microsoft, Linux)