Enterprise Security Architect

ITHAKA is looking for an Enterprise Security Architect who can help the organization achieve the highest possible levels of system and data protection and security awareness. You will be responsible for ensuring that ITHAKA's mission and business are protected from cybersecurity threats and risks, working with and advising colleagues to implement that protection.

As Enterprise Security Architect, you will work as  a member of the Architects team, reporting to the chief architect. In this role, you will advise the Engineering and Information Technology teams supporting the organization on best practices and systems for effective cybersecurity.

You will lead the efforts to create and evolve the security strategy for ITHAKA, effectively addressing risks to our current and future business and customers. You will help implement this security strategy by developing policies, compliance activities, and security awareness across the organization.

Responsibilities:

• Develop and define the organization's overall cybersecurity strategy, with an understanding of our current and emerging business and risk.
• Collaborate with Engineering and IT teams to design and implement effective security practices in their workflows and systems.   
• Guide engineers and information technologists in developing skills for risk assessment and threat modeling.
• Develop application-specific security requirements to enable engineering teams to improve alignment with standards like Open Worldwide Application Security Project (OWASP).
• Understand, review, and analyze existing security policies, assist in their evolution, and evaluate risks as the business and environment change.
• Leverage your technical and security expertise to benefit the organization, while staying up to date with emerging trends and advancements through continued education and certification.
• Lead the organization's security incident response plans and activities alongside the organization's existing non-security incident practices.
• Lead and manage ITHAKA's Security Awareness Training program to educate employees and promote a culture around cybersecurity in coordination with the Technology Services team.  
• In consultation with ITHAKA's Legal team, develop compliance with relevant regulations (General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) as significant examples).
• Manage the relationship and oversee work with related managed-services providers.
• Assure systems and policies are documented according to current SOC 2 control criteria and conduct System and Organization Controls 2 (SOC2) examinations on critical control components.  
• Assist and advise audit processes, auditor relations, and help to reduce the toil and complexity of audits.
• Assist and advise on ITHAKA's business continuity strategy.
• Provide regular communication to stakeholders on security status and emerging threats.

Experience and Skills

• 5 years or more experience in IT/Security roles.
• Demonstrated experience mentoring and coaching engineers and information technologists in security matters.
• Working knowledge and experience with AWS VPC, Fastly, and on-premises Cisco networking, to assess and address security considerations.
• Proven experience with security in cloud environments. AWS security experience strongly preferred, Azure security experience a plus.
• Experience with Qualys and AWS Inspector for vulnerability assessment and security monitoring.
• Experience identifying and designing against security vulnerabilities, such as those found in the OWASP Top 10 and Common Weakness Enumeration (CWE) Top 25. Java, JavaScript, Python, micro-services, Kubernetes, micro-front-ends, and AWS Lambdas are all in use.
• Experience in secure software development and delivery, preferably Agile, Devops, and DevSecOps.  GitHub, CI/CD via GitLab, Kubernetes, and Renovate.
• Experience with risk assessment and threat modeling methods.
• CEH, CISSP Certification, or other significant security certifications.
• Familiarity with frameworks like CIS Controls, the AWS Shared Responsibility Model, or similar controls, and applying them in an organization.
• Excellent communication skills, across many communication modes.  
• Ability to work cross-functionally with various internal and external stakeholders.

Work Authorization and Sponsorship 

ITHAKA is not currently considering candidates who require any type of immigration sponsorship (additional work authorization or permanent work authorization) now or in the future to work in the United States.

Compensation and Benefits

At ITHAKA we believe in openness and equity. Part of living those values is our commitment to clarity about salary ranges, so candidates know what to expect. The starting salary for this position ranges from $152,000 to $190,000 per year. Starting pay may vary with job-related knowledge, skills, and experience. At present, our total compensation package for benefits-eligible employees includes medical, dental, and vision plans, an employer-paid 10% retirement contribution, paid parental and caregiver leave, 22 days of paid time off, 11 paid holidays, up to 12 sick days, wellness benefits, and more. Please note that ITHAKA, at its discretion, may make changes to its benefits programs from time to time.

#LI-JS1

#LI-REMOTE