Principal Security Architect - Remote
The Principal Information Security Architect role operates as the primary strategic architectural advisor to teams across Sleep Number and subsidiaries, influencing secure technical design in a fast-paced retail organization.
- Advise on the optimization of Information Security toolsets and processes across the enterprise
- Advise on Information Security roadmap priorities based on various inputs, including internal/external assessments, audits, and first-hand interactions and knowledge of the current state.
- Identify architectural and other security risks associated with enterprise retail and technology solution(s) and advise on compensating controls where necessary.
- Diligently and clearly document/communicate reference architectures and systems in a centralized location that will be understandable and usable by the entire IT Security team and key IT Partners
- Advise on Information Security Policies and Standards content and help prioritize updates
- Identify security risks, enter them in the centralized GRC platform for prioritization, and recommend remediation. Advise on risk level and priority
- Represent the information security function in various architectural, business, and cross-functional groups and committees. Will be charged to lead certain technology-related discussion forums
- Drive the development of repeatable security patterns for existing, approved security toolsets and advise when teams have a legitimate business need for alternatives.
- Assists with the coordination and oversight of the information security capability, including positioning information security as a proactive business partner to enable, and not inhibit, business strategy
- Assists in executing directives, crafting executive-facing risk memos and presentations, programs and initiatives resulting from risk decisions, compliance activities and strategic needs of the business
- 10+ years of information technology, with 7+ years of security strategy, governance, privacy, security assessments and/or compliance
- Proven, progressive experience as a senior-level information security architect. Experience in large, geographically dispersed IT organizations (including direct experience in retail)
- Proven, progressive experience within application security and/or software engineering. This includes extensive, proven experience with advising secure development within modern methodologies (DevSecOps, CI/CD and Agile)
- Proven, progressive experience and knowledge including end to end knowledge of PCI-DSS requirements pertaining to Retail, eCommerce and Contact Centers (that accept payment)
- Proven, progressive experience with cloud platforms such as AWS, Azure or Google, specifically the Identity and Access Management risks associated with such platforms
- Consults with business leaders and stakeholders on industry trends, new technologies, threats, and vulnerabilities, requiring this role to follow emerging industry trends and threats.
- Establish constructive working relationships and foster trust with Sleep Number’s legal department and business/technology partners across the enterprise to deeply understand their business units and future roadmaps.
- Proven, progressive experience and demonstration of excellent communication skills and ability to interface with all levels of the enterprise, including non-technical stakeholders and executives. Extensive, successful experience with confident and credible interaction with executive and legal partners
- Actively mentors mid-level and junior team members to help them advance their information security knowledge and expertise
Knowledge, Skills & Abilities
- CISSP Certification (exceeding years of confirmed experience can circumvent this requirement)
- Non-CISSP-certified candidates would be expected to pursue CISSP certification as part of developmental expectations within one year of start date
- Background in various information security domains with an emphasis on Application Security
- Experience with penetration testing practices, tools and interpreting (and challenging) pen test reports
- Proven background with cloud platforms such as AWS, Azure or Google, specifically the Identity and Access Management risks associated with such platforms
- Practical experience in the Information Security Architecture field, with emphasis on application security architecture and authorization approaches (role-based access control, direct entitlements-based, APIs)
- Strong knowledge of VDI, containers and API security
- Strong understanding of logging/monitoring, including advising across various teams using different toolsets
- Strong understanding of Information Security industry standards/best practices (e.g., NIST, ISO 27001, HITRUST) and various regulatory bodies and related security requirements (PCI-DSS, HIPAA, CCPA, SOX, GDPR) including a working knowledge of key privacy concerns
- Proven leader with excellent communication and collaboration skills with the ability to interface with all levels of the enterprise. Extensive, successful experience with confident and credible interaction with executive and legal partners
- Strong oral and written communication skills required, including a natural ability to tailor communication to various audiences
- Must be a creative problem solver, flexible, proactive, and able to work in a fast-paced, ever-changing environment
- Strong communication (written/verbal) and collaboration skills. Consulting, negotiation, and relationship skills. Problem solving skills
- PCI QSA or ISA certification a plus
- Red Team and/or offensive penetration testing experience (CEH and/or OSCP Certification)
- Experience with HITRUST