Director, Information Security Architecture

  • Competitive
  • Beijing, Beijing Shi, China
  • Permanent, Full time
  • S&P Global
  • 20 May 19

Job Description:
Primary Responsibilities

  • Provide end-to-end Security Architecture reviews as part of the IT lifecycle.
  • Interpret and apply an understanding of policy, process, business architecture, and legal and political implications to assist the development of technical solutions or controls.
  • Maintain a deep understanding and application of security concepts at a technical level.
  • Effectively translate and communicate security and risk implications to technical and non-technical stakeholders.
  • Work with risk owners to advise, give feedback on the level of risk and recommend mitigating controls.
  • Understand the impact of vulnerabilities on existing/future designs and current live systems and articulate appropriate risk-based responses
  • Drive security through globally standardized automation with CI/CD processes.
  • Partner with key IT service providers to ensure industry standard platform, network and endpoint security posture.
  • Ensure industry standard framework implementation
  • Influence security policy, standards and guidelines.
  • Participate in internal, external and regulatory audits and requests for information.

  • Must be a subject matter expert for the company's security processes across multiple domains and disciplines - on premise and cloud / SaaS based applications, data, infrastructure and mobile solutions.
  • An absolute passion for information security and knowledge of the latest threats, trends and concerns at a global level.
  • 5+ years' experience in some combination of the following disciplines with an emphasis on information security: network architecture, IT perimeter design, threat modelling, security architecture, application architecture and design, authentication platforms, industry standard frameworks (NIST, ISO), physical security, DNS, VPN, URL Filtering, SIEM design, Email security, Cryptography concepts.
  • Must be highly collaborative, able to effectively interact with peers, management and leadership teams, excel at cross-team initiatives and act with a sense of urgency when security issues or requirements arise.
  • Demonstrable deep technical knowledge of all facets of Information Technology and Information Security.
  • Demonstrated knowledge of common adversary tactics, techniques, and procedures (TTPs).
  • Intimate knowledge of the Cyber Kill Chain and other relevant network defence and intelligence frameworks.

  • Knowledge and experience of Cloud deployment models and architectures
  • Experience of Agile methodologies - TDD, Scrum, Kanban

Education Requirements
  • A minimum of a Bachelor's Degree in Information Systems, Computer Science, Engineering, or equivalent experience
  • CISSP and/or SANS certification preferred
  • Networking certification (CCIE) a plus