Summary
Join ITHAKA as an Enterprise Security Architect and safeguard our mission by developing and implementing a comprehensive cybersecurity strategy. You will collaborate with engineering and IT teams, guide security best practices, and lead incident response. This role requires strong technical expertise, experience in cloud security (AWS preferred), and relevant certifications. You will also manage relationships with vendors and ensure compliance with regulations like GDPR and CCPA. ITHAKA offers a competitive salary, comprehensive benefits, and a commitment to a diverse and inclusive workplace.
Requirements
- 5 or more years of experience in IT/Security roles
- Demonstrated experience mentoring and coaching engineers and information technologists in security matters
- Working knowledge and experience with AWS VPC, Fastly, and on-premises Cisco networking, to assess and address security considerations
- Proven experience with security in cloud environments
- Experience with Qualys and AWS Inspector for vulnerability assessment and security monitoring
- Experience identifying and designing against security vulnerabilities, such as those found in the OWASP Top 10 and Common Weakness Enumeration (CWE) Top 25. Java, JavaScript, Python, micro-services, Kubernetes, micro-front-ends, and AWS Lambdas are all in use
- Experience in secure software development and delivery, preferably Agile, DevOps, and DevSecOps. GitHub, CI/CD via GitLab, Kubernetes, and Renovate
- Experience with risk assessment and threat modeling methods
- CEH, CISSP Certification, or other significant security certifications
- Familiarity with frameworks like CIS Controls, the AWS Shared Responsibility Model, or similar controls, and applying them in an organization
- Excellent communication skills, across many communication modes
- Ability to work cross-functionally with various internal and external stakeholders
Responsibilities
- Develop and define the organization's overall cybersecurity strategy, with an understanding of our current and emerging business and risk
- Collaborate with Engineering and IT teams to design and implement effective security practices in their workflows and systems
- Guide engineers and information technologists in developing skills for risk assessment and threat modeling
- Develop application-specific security requirements to enable engineering teams to improve alignment with standards like Open Worldwide Application Security Project (OWASP)
- Understand, review, and analyze existing security policies, assist in their evolution, and evaluate risks as the business and environment change
- Leverage your technical and security expertise to benefit the organization, while staying up to date with emerging trends and advancements through continued education and certification
- Lead the organization's security incident response plans and activities alongside the organization's existing non-security incident practices
- Lead and manage ITHAKA's Security Awareness Training program to educate employees and promote a culture around cybersecurity in coordination with the Technology Services team
- In consultation with ITHAKA's Legal team, develop compliance with relevant regulations (General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) as significant examples)
- Manage the relationship and oversee work with related managed-services providers
- Assure systems and policies are documented according to current System and Organization Controls 2 (SOC 2) control criteria and conduct SOC 2 examinations on critical control components
- Assist and advise audit processes, auditor relations, and help to reduce the toil and complexity of audits
- Assist and advise on ITHAKA's business continuity strategy
- Provide regular communication to stakeholders on security status and emerging threats
Preferred Qualifications
- AWS security experience strongly preferred; Azure security experience a plus
Benefits
- Medical, dental, and vision plans
- An employer-paid 10% retirement contribution
- Paid parental and caregiver leave
- 22 days of paid time off
- 11 paid holidays
- Up to 12 sick days
- Wellness benefits