Principal, Security Architect
The Principal will be responsible for providing technical guidance and thought leadership for Information Security programs and projects.
This role will play an integral part in the successful implementation of the Information Security strategy and roadmap. The Principal is expected to have a broad and deep technical background in Information Security and understand how it relates to the other areas of information Systems.
The Principal will play a key role as an advisor to projects, ensuring that proposed designs and solutions adhere to Ingram Micro’s Information Security standards and policies.
The Principle must have a working knowledge of security and privacy frameworks, as well as understand their usage in a large, global enterprise.
The Principal must have excellent communication skills, both written and verbal. This role will be required to interpret technical information and make it understandable to a non-technical audience.
The Principal is expected to work autonomously and collaboratively, both within the Strategy and Architecture team and with other areas within Information Security. This role will Enhances security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members, teaching improved processes, and mentoring team members.
This role will report to the Sr. Manager, Security Strategy and Architecture.
- Project Deliverables – Reviews and approves program and project deliverables. When multiple options exist, the Principal makes a recommendation to the Sr. Manager, Security Strategy and Architecture. The Principal must be able to articulate, in writing and verbally, the rationale for the recommendation.
- Problem Solving – The Principal will be assigned challenging technical problems that need to be solved. The Principal must be able to break down the problem in order to identify the individual components, engage the appropriate resources, and methodically solve the problem. The ability to clearly document and explain the root cause of the problem and make recommendations for a solution are essential.
- Technology and Trends – The Principal is expected to remain current on Information Security technology and trends by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; and participating in professional organizations.
- Risk-Based Decisioning – The Principal shall have extensive knowledge of how threats, vulnerabilities, and weaknesses affect risk, how to determine and quantify risk, and how to reduce residual risk. The Principal will use this knowledge to prioritize projects that require the most assistance or oversight.
- Best Practices – The Principal is an expert in information security processes, standards, and best practices.
- Documentation and Presentations – The principle must be able to explain and document complex technical information so that it can easily be understood by a non-technical audience. The Principal creates and, in some cases, presents this information to the Information Security leadership team, including the CISO.
- Training and Mentoring – The principal is a technical mentor and provides coaching to L3 security associates. The principal shall also be an evangelist for Information Security to other areas withing the Company by accepting ownership for new and different requests, and exploring opportunities to add value to job accomplishments.
- Process Development – The Principal will assist the Sr. Manager in the development, documentation, and implementation of business processes across multiple teams and departments.
What you bring to the role
- Bachelor’s degree in Computer Science, Engineering, Science, Math, or Cyber Security related field is required.
- Over 10 years of information security experience, preferably across multiple disciplines. At least 4 years of experience as a security architect.
- Knowledge and understanding of various disciplines, such as policy, training, risk management, offensive security, supply chain security, PCI compliance, network architecture, application development, and project management.
- Demonstrated knowledge of industry standards and methodologies, including NIST-CSF, MITRE ATT&CK Framework, PCI DSS, ISO 27001/27001, etc.
- Technical understanding of security tools, applications, and their integration into data center operations and infrastructure.
- A track record of success in defining and developing information security architectures, collaborating with teams, and delivering a strategy across a large, complex, international organization with a mixture of legacy and new technology.
- Strong written and verbal communication skills to effectively interact with all levels on security matters and provide solutions in a timely manner.
- Relevant security certifications (CISSP, CISA, CISM, etc.).
This is not a complete list of job duties, It’s a representative list of this tasks that this position is envisioned to undertake.