General Position Summary/Purpose:
The IT Sr Security Architect is a key member of the IT Architecture, Security, Infrastructure Team supporting the Information Technology organization within Pharmacyclics, in the development, implementation, maintenance, and compliance of IT security solutions across the enterprise.
The IT Sr Security Architect is also responsible for managing risks related to information security, physical security, business continuity planning, crisis management, privacy, and compliance. In addition, this role ensures all staff members are trained on enterprise and governmental security requirements through awareness programs.
- Develops and implements security technologies, standards, processes, policies, and guidelines for the enterprise including Identity and Access management
- Ensures and monitors security compliance with industry and government rules and regulations
- Ensures security compliance and meets all service-level agreements requirements
- Reports security performance against established security metrics
- Understands the trade-offs required to manage the different levels of risk tolerance and risk exposure across the organization and balance this with risk investments
- Coordinates with other IT groups to assess, implement, and monitor IT-related security risks/hazards
- Ensures Identity and Access reviews are performed periodically and follow through on findings and remediation's
- Follow standards in accordance with company policies and regulations (SOX, 21 CFR Part 11, FDA/GMP, NIST, ISO 27001, Six Sigma, etc.)
- Prepare and present Security testing findings to stakeholders.
- Lead and manage continuous improvement initiatives within the team
- Bachelor's Degree and minimum 5+ years of work experience with a global company
- Experience planning and executing IT Security initiatives end to end
- Execution of Security Assessments, including Vulnerability testing, Penetration testing etc.
- Experience with Endpoint Security solutions such as McAfee Suite including Anti-virus, DLP, and Encryption. Including malware remediation techniques.
- Implementation and Management of SIEM technologies, preferred SPLUNK, Enterprise Security App.
- Implementation and management of Qualys Vulnerability Management suite
- Implementation and maintenance of CyberArk Privileged Access Management suite
- Implementation and maintenance of Active Directory, Okta Single Sign-On, and 2-factor authentication solutions
- Experience with Palo Alto Networks Next Generation Firewall, WildFire, Cyvera Traps, SAFENET or Duo Security preferred
- Experience with Endpoint Forensics using tools such as EnCase Enterprise, MimeCast
- Familiarity with Dell SecureWorks managed Security Services such as 24*7 monitoring and Incident Response processes.
- Experience with BYOD and Mobile Device Management
- Experience with User Behavior Analytics and Cyber Threat Intelligence solutions preferred.
- Experience analyzing and applying information security, risk management, and privacy practices
- Knowledge of national and international regulatory compliances and frameworks such as ISO, SOX, NIST, CSA STAR.
- Self-starter / tenacious problem solver
- Ability to work on a team or independently
- Technical Leadership capability with Project and time management skills
- Excellent communication, verbal and writing skills.
- Ensure that the IT team is consistently projected in a positive light with the business users
- Ability to react to high pressure dynamic changing environments
- Ability to train security/audit concepts
Equal Opportunity Employer Minorities/Women/Veterans/Disabled
Associated topics: forensic, iam, idm, leak, malicious, security, security analyst, security engineer, threat, violation