Information Security Architecture Lead
Corporate Services - Information Technology Houston
At AlixPartners, we solve the most complex and critical challenges by moving quickly from analysis to action when it really matters; creating value that has a lasting impact on companies, their people, and the communities they serve. We prize diversity and inclusion, the intellectually curious, the inventive, and the forward-thinking. We invite you to influence the way we work and define the way we embrace tomorrow.
AlixPartners has a Hybrid Work framework to support our employees. Under this framework, generally Corporate Services people may be able to work remotely up to two days per week. How this works in practice varies by geography and function based on client and team requirements. As this framework is new post-COVID-19 pandemic, it may also change over time.
AlixPartners requires COVID-19 vaccination as a condition of employment for this position, subject to reasonable accommodation.
What you’ll do
As a member of the Information Security (IS) team, the IS Lead - Architecture will be responsible for working with the CISO and Security Leadership team to design the strategy for protecting AlixPartners’ information assets and the Security Program.
The Information Security Lead - Architecture is a full-time role located in Southfield, Michigan and reports to the Deputy Chief Information Security Officer. Paid relocation is not available for this position.
- Key member of the Security Team with responsibility to design the security program for the firm
- Must interact with teams focused on security program definition, program execution, and program testing
- Develop and maintain a security architecture process that enables the enterprise to implement security solutions and capabilities that are aligned with business, technology, threat and risk drivers
- Develop security strategy, plans and roadmaps based on sound enterprise architecture practices and act as liaison to the Enterprise IT Architecture team
- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Develop standards and practices for security controls
- Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)
- Track developments and changes in the digital business and threat environments to adequately address them in security strategy plans and architecture artifacts
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
- Conduct or facilitate threat modeling of data risks associated with services and applications
- Ensure a complete, accurate and valid inventory of all systems, infrastructure and applications that should be logged by the security information and event management (SIEM) or log management tool
- Coordinate with the Privacy Officer to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls for adequate security (e.g., encryption and tokenization)
- Additional responsibilities as identified; this description is not designed to encompass a comprehensive listing of required activities, duties or responsibilities
What you’ll need
- Bachelor’s degree in Information Technology, Risk Management or Privacy preferred; six (6+) years of relevant work experience may be considered in lieu of education
- ISC2's CISSP, ISACA's CISA, The Open Group's TOGAF, or SANS' GIAC preferred
- Familiarity with security standards and both US and EU privacy laws (e.g., PCI-DSS, GAMP, SOX, NIST CSF, CMMC, ISO, HIPAA, CCPA, GDPR)
- Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF
- Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
- Experience designing the deployment of applications and infrastructure into public cloud services
- Ability to seek compromise, balance risk and business outcome, evangelize risk mitigation concepts, and promote freedom within fences
- Excellent written and oral communication skills; must be able to present ideas and solutions to groups of all levels within the organization with the ability to influence others and communicate their opinion (experience in consulting role preferred)
- High level of professionalism with the ability to maintain sensitive and confidential information
- Excellent problem-solving skills with the ability to resolve issues under tight time frames
- Demonstrated project management & organizational skills with the ability to lead projects and small project teams, work independently and prioritize work
- Must be familiar with, and promote and abide by, all Firm values as defined by the AlixPartners’ Code of Conduct and in terms of Ethics, Diversity and Inclusion
- Ability to work full time in an office and remote environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the workday
In addition to a positive workplace, the firm offers a competitive compensation package including an excellent benefit program (health, vision, dental, disability, 401K, tuition reimbursement).
AlixPartners is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, color, religion, sex, sexual orientation, gender identity, national origin, age, status as a protected veteran, or disability. AlixPartners is a proud Silver award-winning Veteran Friendly Employer.
EEO is the Law: poster_screen_reader_optimized.pdf (eeoc.gov)
EEO Supplemental Poster: EEO is the Law Poster Supplement (dol.gov)
EMPLOYER AND JOB POSTING DISCLAIMER
All genuine AlixPartners vacancies are located on the AlixPartners website. AlixPartners does not charge any application, processing or training fee at any stage of the recruitment process, and interviews will be held in-person or via a secure video tool. AlixPartners does not engage with candidates via platforms such as VIBER, Google Hangouts or other instant messaging platforms.