Manager, Global IT Security Architecture in Mechanicsville, VA at Owens & Minor, Inc.

Date Posted: 10/3/2018

Job Description

POSITION SUMMARY

Designs and validates global IT security solutions for Owens & Minor.  Leads all initiatives to harden and evolve existing corporate security architecture, and provides IT security risk mitigation expertise.  Collaborates with management and key stakeholders on an evolving Owens & Minor security strategy, and the realization of an IT security roadmap.  Serves as subject matter expert for corporate IT security processes across multiple domains and disciplines: on premise and cloud / SaaS based applications, data, infrastructure, and mobile solutions.

ESSENTIAL JOB FUNCTIONS: 

1.       Performs security architecture, maintains related documentation, and validates solution designs spanning multiple domains (SAP and other critical business applications, Data, Infrastructure, Mobile, Cloud, etc.)

2.       Functions as a Subject Matter Expert (SME) on domestic and global security integrations and authentication elements (SSO, SAML, Certificates, Multi factor authentication, VPN, Active Directory Federation, Reverse Proxy, Identity and Access Management, SIEM, e-mail security solution (Proofpoint), URL Filtering (ForcePoint), GRC, SecureAuth, etc.)

3.       With the Security Engineer(s), Infrastructure, BASIS, Partners and Solutions teams, ensures IT security designs are functionally sound and based on best practice security standards.

4.       With applicable IT stakeholders, designs, validates, and implements effective and compliant Security Controls.  Cooperates on implementing a compliance-based Segregation of Duties (SoD) strategy and robust, risk-based operational security model.  Takes an active role in ensuring consistency of standards, policies, and best practices related to IT security operations and implemented solutions.

5.       With Security, Infrastructure, BASIS, Partners and other key stakeholders, evolves security-related processes, and implements risk-based, prioritized security solutions.  Leads efforts with Infrastructure and Managed Security Service Provider(s) on asset management cataloguing for risk mitigation/risk assessment purposes.

6.       Collaborates on Security Integration architectures for corporate mergers and acquisitions.

7.       Evaluates vendor security questionnaires, analyzing potential security impacts (risks, threats, vulnerabilities, process bottlenecks for solutions under consideration), and ensuring solutions can be implemented using best practices standards and innovations (application, service, database, network, infrastructure, mobile, cloud, etc.).

8.       Leads activities to address potential security risks including initiatives to review and perform operational risk assessments and analysis, vulnerability reviews, compliance violation checks, partner re-certifications, and penetration testing.

9.       Participates in corporate and external security audit proceedings.

10.   Coordinates the security patch management program for servers, systems, applications and devices.

11.   Leads effort to architect and validate a preferred IAM solution, and to design integration points.

12.   Functions as the lead to evolve the SIEM / Advanced (real time) Threat Management strategy and its functional architecture.

13.   Coordinates intra-team and cross team communications and activities that improve and sustain operational security functions (support, maintenance, optimizations, projects, etc.).

14.   With applicable stakeholders, creates a cohesive IT Security operating strategy that is aligned with the overall security and governance strategy and security roadmap.

15.   Stays abreast of contemporary security practices and techniques, and evaluates new offerings and methodologies that potentially minimize Owens & Minor's IT security risks.

16.   Creates, manages, and updates corporate Threat Intelligence Standard Operating Procedures.

17.   Establishes a threat modeling methodology to identify, classify, prioritize, and report on cyber threats using a structured approach.

18.   Collects information on corporate IT security threats via communication with partner institutions, mailing lists, open source news, and industry partnerships.

19.   Provides awareness to internal teams and Owens & Minor leadership on changes to the cyber threat landscape.

SUPPLEMENTAL JOB FUNCTIONS:  

Performs additional duties as directed.

Qualifications

EDUCATION & EXPERIENCE REQUIRED:  

  • Four-year university degree required.  Concentration in Information Systems, Computer Science, or Information Security preferred
  • Minimum of eight (8) years as an IT Security professional either in a corporate role or large agency
  • Five (5) years as an IT Security Architect highly preferred
  • Or any equivalent combination of education and experience to meet the above requirements
  • In depth knowledge of IT security, and of working in a heterogeneous environment of diverse applications, systems, databases, SaaS solutions, and on premise/Cloud-based security offerings
  • Global IT security architecture experience/exposure is highly preferred
  • SANS certification preferred

KNOWLEDGE SKILLS & ABILITIES:

  • Demonstrated understanding and experience working in complex and distributed IT environments, applying security expertise involving both on premise and cloud based solutions
  • Strong understanding of IT security and risk mitigation strategies
  • Thorough understanding of SAP's Security Architecture Model and seasoned experience with SAP Application Security: ECC, GRC, IAM, SuccessFactors, CRM, EP, Solution Manager, PLM, HANA, HCM, Analytics Cloud, etc.
  • Ability to create clear and concise documentation targeted at the appropriate audience - IT executives, Internal Business Clients and technical teams
  • Expert understanding of Active Directory / Federation Model, Multi-factor authentication, SSO, SAML, OAuth, SSL Certificates, etc.
  • Demonstrated knowledge of common adversary tactics, techniques, and procedures (TTPs)
  • Intimate knowledge of the Cyber Kill Chain and other relevant network defense and intelligence frameworks
  • Experience with collecting, analyzing, and interpreting technical data from multiple sources, documenting the results and providing meaningful analysis products
  • Must demonstrate assertiveness and leadership qualities, deliver excellence in verbal and written communication and prioritize effectively
  • Must be capable of creating architecture and related documents for pre-existing solutions and implementations
  • Must be capable of collaborating with others regarding critical security decisions and policy and have others feel their input is being considered when decisions affect multiple teams and/or the business

