The Global Infrastructure Security Architect is responsible for the development and delivery of a comprehensive information security program for General Motors Financial to assure that information created, acquired or maintained by our client is used in accordance with its intended purpose and to protect our client's information and infrastructure from external and internal threats. Additionally, this position is responsible for leading and executing Global information security strategies, programs, and enhancements. Requires a strong data security, cyber security, and technology foundation. Requires experience with broad Global security regulations, standards, data protection, and risk assessment in addition to North American regulations. Requires the ability to work both strategically and tactically, and consult with senior management. You will be assigned to multiple projects, asked to define security requirements, consult on security policy, and develop process documentation. The Global Information Security department strives to ensure the availability, confidentiality and integrity of our client's information assets and business objectives, wherever they reside. Information Security is part of the risk management organization and aligns closely with IT Security, which operates and maintains the security technology and services for the company.
- Work with IT departments, IT Architects, data custodians and governance groups to develop and update our client's security policies, standards and procedures.
- Assist security management in creating, reviewing and updating the Information Security strategy on a periodic basis.
- Recommend and implement changes in security policies and practices in accordance with changes in privacy law or financial sector security practices.
- Initiates, facilitates and promotes activities to create information security awareness within the organization.
- Coordinates the development and delivery of an education and training program on information security and privacy for employees, contractors and other authorized users.
- Manage the efforts to conduct information security control assessments for systems which store customer information whether hosted internally or cloud based.
- Develop and manage Incident Reporting and Response Processes to address security incidents, policy violations and external complaints.
- Assess and communicate security risks associated with any purchases or practices performed by the company.
- Provides functional/business requirements for security solutions/initiatives and identifies areas to improve our client's security posture.
- Provides input to engineers for additional configuration via IT project management and change management.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Acts as a mentor providing guidance to all team members on security issues.
- Must have knowledge and stay up to date on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities.
- Actively partner with infrastructure, application and other stakeholders to ensure deployed solutions minimize security and privacy risks.
- Strong analytical skills.
- Excellent verbal communication skills.
- Strong interpersonal skills.
- Ability to meet time sensitive deadlines required.
- Ability to work collaboratively and build consensus is essential.
- Ability to make sound decisions and exercise good judgment pertaining to operating procedures and projects.
- Ability to manage business and technical relationships with internal and external clients.
- Bachelor’s degree in Information Technology, Information Security, Information Assurance, Information Management or equivalent experience.
- Certification in one or more IT Security disciplines is required. CISSP or CISM is preferred.
- Certification in one or more networking technologies is preferred. (CCSP, Checkpoint, etc.)
- Experience with the financial industry and regulations is preferred.
- Experience with firewalls, IDS, log management and troubleshooting network devices.
- Possesses knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT architecture, Monitoring, Incident Response and Security Strategy.
- 7 years of experience in Information Security or IT.