IT Security Architect - Director
You would join a newly established global IT security program as an IT Security Architect - Director of global IS security. This company is a global manufacturing company with operations in North America, Europe and Asia/Pacific, with each region having a separate IT leader. Right now security is being managed regionally, but with the company's upcoming ERP implementation (roll-out January 2), they are looking to formalize the security approach with a leader who will have an enterprise view of security globally.
The CEO doesn’t want just a “policy person”. He needs a person that has the know-how to work across a global organization and use this to develop and implement policies. They want a “doer”, someone that isn’t just a policy maker but a leader that has recent technical expertise as well as the best practice and oversight ability to coordinate and implement solutions in a global IS security model. A deep technical expert who is able to make strong recommendations based on personal knowledge regionally and globally. You will coordinate with IT leaders and Security team members in each region on quality and regulatory considerations that are specific to each region.
Who will this person report to: VP IT, with a dotted line to general counsel. This is mostly due to the amount of systems transformation going on currently, and with the upcoming ERP implementation, the CEO feels it's important for this position to plug into IT but still have a seat at the table with the business, with regulatory/financial impacts being in the legal domain.
Headcount: There will be future N. American headcount reporting to this person, and there is current IT/Security headcount this person will be able to utilize coming in the door to build a team with. This person will be doing an initial assessment and will have at least 3 positions at their disposal right away. Any spending for 3rd party support around testing or other relevant areas will be at their disposal as well.
Systems environment: Outlook/email, treasury, ERP, bank clearing and Quality systems are all global. Microsoft Outlook, Office 365, mobile integrations, JDE, Oracle, MFG pro moving to new ERP (SAP/Oracle), SAS/Hyperion for global consolidations, EPQ for quality systems (incoming inspections and medical compliance). The new ERP is 60 days from being implemented and they are targeting SAP HANA or Oracle Cloud. They still are not sure which direction they are going, but the implementation is targeted for January 2, 2019. There are 2 principal Data Centers in US, 1 in Paris and 1 in Amsterdam, with the European HQ in Switzerland.
Security Frameworks: They promised themselves that by the end of the year they will pick one. They have to pick one by November for local security regulation considerations. Europe teams have evaluated both the ISO standards; the NA team likes NIST and is leaning in that direction (CEO likes NIST).
Security now: They do patches and security penetration testing from 3rd parties; they understand vulnerabilities and use dual auth for access. They don't have FT people focused on security, with the exception of a recent, less sr. hire in Europe. This position WON'T be responsible for physical security.
Data domain: Employee personal and company devices interfacing with the network are the current extent of mobile presence. They do manufacture equipment which produces user information (location, usage and power) that comes through a global network. They take very detailed anatomic information, and increasing amounts of personal data are being harvested from their products. This area is an opportunity for business growth and data use expansion but also more data security risk. They are taking credit card information from some customers and also take P-cards, and there are HIPAA and GDPR data considerations for drop shipping direct to customers (privacy concern).
Expectations 6 months: Deploying dual authentication and establishing a tighter perimeter around mobile devices. Next will be data segregation and payroll, Social Security, tax data, etc. Following that, the focus will be keeping us ahead of mobile attacks. The remotely hosted ERP will be a simpler perimeter to secure, and you will have an opportunity to develop better policies on mobile access and rights. QAD is hosting in Europe and they are targeting AWS or Azure for NA ERP hosting.
- Articulate Policy with the “Executive temperament” to interact with the BOD
- Day to day technical work and provide oversight/direction
- Prior work with HIPAA, Health Care industry data familiarity preferred
60% Coordination with regional IT & security leaders
40% Technical guidance and hands-on with new security solutions, architecture outside NA, security challenges, rate of attacks/hacks/phishing
Knack & Tumbler Search has over 25 years of experience locating and attracting scarce technical talent for some of the world's largest corporations. Our process and extensive proprietary database of contacts render ideal matches for persons and positions. We are committed to spending time to get to know you, your needs, and expectations prior to conducting the search or introducing you to a potential new employer.
Role: Sr. IT Security Architect - Leader