Enterprise Security Architect

Enterprise Security Architect is responsible for the creation, maintenance and management of Global Security design and their lower level components consistent with security policies. Selected candidate would be required to interpret, use and apply information contained within the architecture to inform a range of Security design improvements for connected Feature and Services. Meet scheduled milestones to ensure project/program objectives are met in a timely manner. This person will have an in-depth knowledge of the Security beast practices, principles, theories and techniques for managing the activities related to systems & services. Also, lead strategy formation for the global application portfolio, architecture, components, security, fit to emerging technologies and business requirements. Provide Security measures and controls direction on the application architectural security standards globally (Corp and Regions). Recommend and participate in activities related to the design, development and maintenance of the Enterprise Architecture (EA) and develop and Secure design for each feature and services and Conduct reviews with GVCS team, and actively participate in meetings related to the designated project/s, both locally and internationally, with clients, suppliers and/or partners. Advise and recommend enterprise architecture and security strategies, processes and methodologies. Share best practices, lessons learned and constantly update the technical system security requirements based on changing technologies, and knowledge related to recent, current and upcoming vendor products and solutions. All requirement documentation will be published once the GVCS has completed the reviews and approved, participate in and manage Architecture/security working groups for the development and maintenance of the secure enterprise architecture. Collaborate with all relevant parties in order to review the objectives and constraints of each solution and determine conformance with the enterprise architecture and security. Identify and recommend areas appropriate for further study and participates in any Proof of Concept projects required to thoroughly investigate secure architectural possibilities and strengthen arguments for their adoption. Identify implementation risks and analyses potential impact on the enterprise and on the achievement of scheduled objectives. Recommend and participate in the design and implementation of standards, tools and methodologies. Participate in the design and implementation of service management standards, tools and methodologies. The selected candidate will be responsible for leading NAFTA Connectivity SDP security development efforts; participate in connected vehicle program security threat modeling and analysis, vulnerability assessment, risk management; review Security portions of SDP component supplier RFI and RFQ responses; review supplier penetration testing SOW and responses to submit quotes and enter REC's into the System. He/she will be responsible to perform peer reviews of Core SDP security specifications with each Engineering, Core Cyber Security teams and global IT; support development of security validation strategies (supplier verification testing, fuzz testing, penetration testing); support company-wide cyber security initiatives for SDP; verify that compliance requirements are met with cyber security level 5 specifications; review 3rd party applications are secure update process and authenticated execution process; develop and participate in Operational security, Incident response, emergency response plan requirements for SDP; coach and mentor DRE's and QRE's for architecture and security related questions. Requirements:

BS degree in Engineering or Computer Science.

Minimum 5 years in IT security systems and/or Secure Vehicle Connectivity Development.

Minimum three years in Secure vehicle connected systems & solutions.

Preferred Requirements:

Background in cyber security, ISACA CSX Cybersecurity Fundamentals Certificate. CompTIA Security+ GIAC Information Security Fundamentals (GISF) (ISC)2 Systems Security Certified Practitioner (SSCP)CISSP.

Possess an understanding of connected vehicle functions, interfaces, technologies, development tools and processes, operations, and business strategies and models.

Have the ability to communicate technical matters with passion and conviction about the short and long term objectives.

Must be comfortable and capable to communicate up, down, and across all functions, roles, and levels within and outside of the service delivery team.

Be proficient in data driven decision processes and have knowledge of measurement techniques such as machine learning, statistics, design of experiments, TARA, DFMEA, PFMEA, etc.

Possess an understanding of Andrio Automotive experience

Proficiency in process modeling, process ownership, and process documentation to enable continuous improvement in efficiency and speed to market.

Possess an understanding of business strategies, culture, and work to achieve results and is able to execute work beyond the scope of their individual function.

Additional Notes:

The manager added a couple of bullet points to the job description (see below), but the requirements are staying the same.

Responsible for the creation, maintenance and management of Global Security Requirements and Process that meets the Global Vehicle Cyber Security & IT policies.

Define lower level components, interfaces consistent with security policies.

Required to interpret, use and apply information contained within the architecture to inform a range of Security requirements and trace design improvements for connected Feature and Services.

Execute critical risk and Business impact assessments and continuity and recovery management plans while addressing security and business continuity concerns in a professional manner

Effectively refine and document crucial connectivity security requirements meet customer experience

Cyber Security Capabilities and Enablers mapping

Define compliance requirements for connectivity products and services (GDPR, CCPA).

May be required to travel domestically and internationally (0-20%)

May be required to drive a company vehicle. Valid driver’s license is required as well as a clean driving record.