The Auto Club Group Enterprise IS Security Architect in Dearborn, Michigan
The Auto Club Group (ACG) provides membership, travel, insurance and financial services offerings to approximately 9 million members and customers across 11 states and 2 U.S. territories through the AAA, Meemic and Fremont brands. ACG belongs to the national AAA federation and is the second largest AAA club in North America.
Primary Duties and Responsibilities (details of the basic job functions):
Develops, integrates and implements enterprise information security architectures and solutions and serves as a security expert on the most critical security issues and complex projects. Provides expert support and oversight to the information security team and closely works with senior security engineers and IT departments to select and deploy technical controls and solutions to meet specific security requirements; defining standard architecture, that ensures security configurations are maintained and security controls are met. Develops key security standards to ensure boundary control, integrity of information and security monitoring technologies are reducing risk for the ACG enterprise.
Provides guidance and direction on best practices for protection of information and closely works with the Director of Enterprise Information Security and senior leadership teams to ensure short and long term security strategies and plans are in place for the company. Provides and develops information and input for security policies, principals and standards to ensue consistent security standards across the enterprise. Researches, recommends and advocates new technologies/architectures and security products that will support the business security requirements of the enterprise.
Experience securing and architecting cloud based infrastructures (e.g. MS Azure, Amazon AWS and Google)
Experience in software-based networking technologies a plus
Works in a temperature controlled office environment.
Required Qualifications (these are the minimum requirements to qualify):
Bachelor and/or Masters degree in Computer Science, Information Systems, Business Administration and/or equivalent security certification (CISSP, SSCP, GIAC, CEH, etc).
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
Extensive experience in/with:
Developing security architecture and security policies, principles and standards.
Participating in an enterprise architecture (EA) community, and provides strategic security guidance during the EA process.
Performing research, evaluations, and develop recommendations and plans for the implementation of new or updated information security technologies.
Providing guidance for security activities in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required.
Developing and maintaining documentation for security systems and procedures.
Investigating and resolving security violations by providing postmortem analysis to illuminate the issues and possible solutions.
Researching threats and vulnerabilities and, where appropriate, take action to mitigate threats and remediate vulnerabilities.
Developing a common set of security tools
Defining operational parameters and conducting reviews of tool output.
Provides second- and third-level support and analysis during and after a security incident.
Participating in security investigations and compliance reviews, as requested by internal or external auditors.
Maintaining an awareness of existing and proposed security-standard-setting groups, state and federal legislation and regulations pertaining to information security. Identifies regulatory changes that will affect information security policy, standards and procedures, and recommends appropriate changes.
Participation in design of web application security for ecommerce site(s).
Securing, Architecting and Integrating Cloud based Infrastructures.
Excellent technical knowledge of:
- Mainstream operating systems [for example, Microsoft Windows and Red Hat Linux] and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
Knowledge of: several of languages: (C, C , Python, Perl, PHP, ASP, SQL, C# and /or Java)
Working knowledge of:
Network security technologies (e.g. SIEM, DLP, Firewalls, IDS, IPS, application proxies and routing and switching fundamentals
Information security principles, including risk assessment and management, threat and vulnerability management, incident response, and identity and access management.
Network infrastructure, including routers, switches, firewalls, and the associated TCP/IP network protocols and concepts.
Regulatory requirements such as PCI, FFIEC and Gramm-Leach-Bliley Act
Current systems' software, protocols and standard
Cloud Infrastructures, (e.g. MS Azure, Amazon AWS and Google)
Excellent presentation, persuasion, written and interpersonal skills to include procedure and technical material, report/proposal preparation and oral presentation.
Contribute and collaborate as a lead member of a team
Work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously
Work proactively and independently
The Auto Club Group offers a competitive compensation and benefits packages including a base salary with performance based incentives; medical/dental/vision insurance, pension, 401(k), generous time off, a complimentary AAA Membership and much more!
Important Note: The above statements describe the principal and essential functions, but not all functions that may be inherent in the job. This job requires the ability to perform duties contained in the job description for this position, including, but not limited to, the above requirements. Reasonable accommodations will be made for otherwise qualified applicants, as needed, to enable them to fulfill these requirements.
The Auto Club Group, and all of its affiliated companies, is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, national origin, disability or protected veteran status.
Job: *Information Technology
Title: Enterprise IS Security Architect
Requisition ID: 1700026B