Job Overview:
In this exciting role, you will be developing and maintaining a 5-year roadmap covering all cyber security domains including defense-in-depth, network security, identity and access management, cloud security, data security, application security, cyber security analytics, endpoint security, security orchestration and automated response (SOAR), and compliance. This involves monitoring and tracking the cyber security vendor/partner/MSSP ecosystem and identifying opportunities to PoC/trial innovative new solutions that can further Sobeys' interests.
You can identify the gaps between the future-state and current-state cyber security architecture at Sobeys and develop plans for moving toward the future state. This includes cyber security risk assessment and privacy impact assessment for new complex programs initiated at Sobeys all while developing repeatable standards and checklists for secure-by-design assessments.
What you’ll do:
- Prepare position papers for business opportunities
- Monitor & track regulatory and industry developments around cyber security and privacy
- Work closely with legal/chief privacy officer, enterprise risk management, and internal audit to progress the roadmap on enterprise security controls
- Define principles to guide solution decisions for the enterprise
- Able to communicate between cross-functional teams:
- Define models, including solution patterns, to guide IT solution decisions for the enterprise
- Ability to analyze project, program and portfolio needs, as well as to determine the resources needed to achieve objectives and overcome cross-functional barriers
- Collaborate on the implementation of EA through the organization; align on EA best practices, processes, and templates
- Work closely with business units (Marketing, Finance, Operations, etc.) to understand short- and long-term security and privacy requirements
- Work with Enterprise Architects and other IT leads to ensure security and privacy are built into the technology roadmap
What you’ll have:
- Minimum 10 years progressive work experience in Information Technology
- Adept in threat risk modelling and attack surface assessments
- Minimum 5 years of technical experience in cyber security
- Thorough understanding of industry frameworks and standards including NIST, ISO, COBIT, PCI, etc.
- Ability to effectively research emerging technologies and trends, standards, and products
- Ability to balance short-term results with long-term needs and to offer incremental approaches to achieve strategic objectives
- Experience in security and privacy impact assessment for very large and complex architectures, desired
- Undergraduate degree in computer science or engineering
- 2+ years as an Enterprise Architect or Solution Architect