Principal Security Architect - Remote


Position Purpose

The Principal Information Security Architect role operates as the primary strategic architectural advisor to teams across Sleep Number and subsidiaries influencing secure technical design in a fast-paced retail organization.

Primary Responsibilities

  • Advise on the optimization of Information Security toolsets and processes across the enterprise
  • Advise on Information Security roadmap priorities based on various inputs, including internal/external assessments, audits, and first-hand interactions and knowledge of the current state.
  • Identify architectural and other security risks associated with enterprise retail and technology solution(s) and advise on compensating controls where necessary. 
  • Diligently and clearly document/communicate reference architectures and systems in a centralized location that will be understandable and usable by the entire IT Security team and key IT Partners
  • Advise on Information Security Policies and Standards content and help prioritize updates
  • Identify security risks, enter them in the centralized GRC platform for prioritization, and recommend remediation.  Advise on risk level and priority
  • Represent the information security function in various architectural, business, and cross-functional groups and committees.  Will be charged to lead certain technology-related discussion forums
  • Drive the development of repeatable security patterns for existing, approved security toolsets and advise when teams have a legitimate business need for alternatives.
  • Assists with the coordination and oversight of the information security capability, including positioning information security as a proactive business partner to enable, and not inhibit, business strategy
  • Assists in executing directives, crafting executive-facing risk memos and presentations, programs and initiatives resulting from risk decisions, compliance activities and strategic needs of the business

Position Requirements

  • 10+ years of information technology experience, with 7+ years of security strategy, governance, privacy, security assessments and/or compliance
  • Proven, progressive experience as a senior-level information security architect. Experience in large, geographically dispersed IT organizations (including direct experience in retail)
  • Proven, progressive experience within application security and/or software engineering.  This includes extensive, proven experience with advising secure development within modern methodologies (DevSecOps, CI/CD and Agile)
  • Proven, progressive experience and knowledge including end to end knowledge of PCI-DSS requirements pertaining to Retail, eCommerce and Contact Centers (that accept payment)
  • Proven, progressive experience with cloud platforms such as AWS, Azure or Google, specifically the Identity and Access Management risks associated with such platforms
  • Consults with business leaders and stakeholders on industry trends, new technologies, threats, and vulnerabilities, requiring this role to follow emerging industry trends and threats.
  • Establish constructive working relationships and foster trust with Sleep Number’s legal department and business/technology partners across the enterprise to deeply understand their business units and future roadmaps. 
  • Proven, progressive experience and demonstration of excellent communication skills and ability to interface with all levels of the enterprise, including non-technical stakeholders and executives.  Extensive, successful experience with confident and credible interaction with executive and legal partners
  • Actively mentors mid-level and junior team members to help them advance their information security knowledge and expertise

Knowledge, Skills & Abilities

  • CISSP Certification (exceeding years of confirmed experience can circumvent this requirement)
  • Non-CISSP-certified candidates would be expected to pursue CISSP certification as part of developmental expectations within one year of start date
  • Background in various information security domains with an emphasis on Application Security
  • Experience with penetration testing practices, tools and interpreting (and challenging) pen test reports
  • Proven background with cloud platforms such as AWS, Azure or Google, specifically the Identity and Access Management risks associated with such platforms
  • Practical experience in the Information Security Architecture field, with emphasis on application security architecture and authorization approaches (role-based access control, direct entitlements-based, APIs)
  • Strong knowledge of VDI, containers and API security
  • Strong understanding of logging/monitoring, including advising across various teams using different toolsets
  • Strong understanding of Information Security industry standards/best practices (e.g., NIST, ISO 27001, HITRUST) and various regulatory bodies and related security requirements (PCI-DSS, HIPAA, CCPA, SOX, GDPR) including a working knowledge of key privacy concerns
  • Proven leader with excellent communication and collaboration skills with the ability to interface with all levels of the enterprise.  Extensive, successful experience with confident and credible interaction with executive and legal partners
  • Strong oral and written communication skills required, including a natural ability to tailor communication to various audiences
  • Must be a creative problem solver, flexible, proactive, and able to work in a fast-paced, ever-changing environment
  • Strong communication (written/verbal) and collaboration skills. Consulting, negotiation, and relationship skills.  Problem solving skills

Preferred Skills

  • PCI QSA or ISA certification a plus
  • Red Team and/or offensive penetration testing experience (CEH and/or OSCP Certification)
  • Experience with HITRUST

Job ID R6005