Security Architecture Manager

Why Black and Veatch

Black & Veatch allows you to lend your talent and perspective to humanity’s biggest challenges in a flexible environment where you are empowered to grow and explore new possibilities. We offer competitive compensation; 401K match and benefits that start day 1. 
 
Our hybrid environment allows you to balance your work and personal life. At Black & Veatch, you own your career with purpose and meaning. You are empowered to grow and explore new possibilities at every step of your career journey. Bring your big ideas knowing you are safe to be who you are and speak up with concerns or questions and put your diverse talents and perspectives to use.

The Opportunity

The Security Architecture Manager plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The security architecture leader will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. 

You will be responsible for the plannning and design activities, assurance, and collaboration with stakeholders. 

• Develops and maintains a security architecture strategy and process that enable the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Develops security strategy plans and roadmaps based on sound enterprise architecture practices for all environments including cloud and on-premise infrastructure
• Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
•  Tracks developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
• Validates IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
• Validates security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
• Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' audit reports for security-related deficiencies and required "user controls" and report any findings to the CISO and vendor management teams
• Coordinates with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems
• Serves as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners, common control providers, and system security officers on the allocation of security controls as system-specific, hybrid, or common controls.

The Team

Black & Veatch’s Business Enablement consists of critical groups that help enable the organizations people, projects, and businesses to be as successful as possible. Functions in this group include Digital & Information Technology, Global Finance, Global Human Resources, Legal, Risk Management, and Government Affairs and Real Estate and Building Services.

Key Responsibilities

• Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)
• Develops standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
• Drafts security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the chief information security officer (CISO)
• Establishes a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC)
• Documents and addresses organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
• Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan.
• Stays up-to-date on the latest security technologies, trends, and best practices.
• Conducts or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
• Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO
• Coordinates with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
• Reviews network segmentation to ensure least privilege for network access
• Supports the testing and validation of internal security controls, as directed by the CISO or the internal audit team
• Reviews security technologies, tools and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics
• Defines and documents how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment
• Liaises with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data for third party providers
• Liaises with other security architects and security practitioners to share best practices and insights
• Liaises with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs
• Participates in application and infrastructure projects to provide security-planning advice
• Liaises with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls

Management Responsibilities

Minimum Qualifications

• Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field or equivalent 8 years of experience in cyber security.
• All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Preferred Qualifications

• ISC2's CISSP, ISACA's CISA, The Open Group's TOGAF, SANS' GAIC or similar certification
• Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
• Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
• Experience securing the deployment of applications and infrastructure into public cloud services.
• Full-stack knowledge of IT infrastructure:
  • Applications
  • Databases
  • Operating systems — Windows, Unix and Linux
  • Hypervisors
  • IP networks — WAN and LAN
  • Storage networks — Fibre Channel, iSCSI and NAS
  • Backup networks and media
  • Containers/Kubernetes
  • Direct experience designing IAM technologies and services:
  • Active Directory
  • Lightweight Directory Access Protocol (LDAP)
  • Amazon Web Service (AWS) IAM, Okta, Ping, Azure AD/MS, etc
  • Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
  • Change management
  • Configuration management
  • Asset management
  • Incident management
  • Problem management
• Communication skills — Translate complex security-related matters into business terms that are readily understood by colleagues. Strong skills presenting analyses in person and in written formats.
• Financial analysis — Ability to evaluate the financial costs of recommended technologies. Ability to quantify purchasing and licensing options, estimate labor costs for a given service or technology, and estimate the total cost of operation (TCO), the ROI, or the payback period for services or technologies replacing existing capabilities.
• Project management — Able to draft project plans for security service and technology deployments and coordinate with stakeholders across the organization. 

Work Environment/Physical Demands

Hybrid or flexible work options may be offered after the first 90 days of employment based upon manager discretion, job performance and work assignments.

Salary Plan

Job Grade