- Bachelor's Degree
- Master's Degree
- NIST Standards
- Analysis Skills
- Network Protocols
This position is responsible for the IT architecture within a specified sub-domain of the IT solution set, and acts as the trusted advisor to IT as well as the business on new and existing technologies that enable the delivery of IT services within their domain.
Create & maintain detailed records of IT capabilities across sub-domain of IT solutions: applications, infrastructure/middleware technologies, information, and business processes, including relevant attributes, dependencies, relationships (IT/technology, business processes, business users), costs, risks and roadmaps.
Advise and participate in the analysis and debate on the path forward for any enhancements or changes to an IT service or technology related tool set within the identified IT domain.
Work with the business stakeholders to fully understand their needs and deliver solutions that meet those needs and any established service level agreements.
Keep abreast of emerging technologies, standards, innovations and trends, and conduct proofs of concept to evaluate their fit for the company. Recommend resulting changes (scope, costs, timeframes) to the in-place architectures.
Proactively recommend the introduction of new IT services and capabilities to enable the business within the domain scope.
Help resolve questions of non-conformance with IT standards raised by project teams.
What is expected of you and others at this level
In-depth knowledge and experience
Uses existing solutions to resolve complex issues
Works independently; receives minimal guidance
Acts as a resource for colleagues with less experience
Minimum Qualifications & Skills
Bachelor’s Degree in Business Administration, Engineering, Information Technology or related field required; Master’s Degree preferred
5-10 years’ relevant experience required
Application/Area Specific Responsibilities
Maintains & enhances the company’s information security management program to ensure integrity, confidentiality and availability of information. Goal is to achieve zero material business impacting incidents through proactive/preventative measures and solid recognition and response processes.
Responsible for maintaining up-to-date security policies, standards and guidelines. Also, oversees the training and dissemination of security policies and practices.
Ensures security programs follow relevant laws, regulations and policies
Leads annual penetration testing and NIST (or equivalent) assessment engagements
Plays a significant role in understanding and evaluating IT architectures and deployment configurations to ensure solid information security tactics are used.
Makes recommendations for tools and services required to maintain and enhance our posture.
Evaluates potential contract arrangements where company data is used and/or stored on a vendor’s system or cloud instance, such as with XaaS vendors and/or other service providers.
Actively helps manage security incidents/events. Priority is to protect corporate assets, including intellectual property, regulated data and the company’s reputation.
Manages incident response activities to include documentation, training, table-top and mock exercises, and resource coordination during actual events.
Monitors environment for emerging threats. Stays current with new technologies and controls.
Provides regular reporting metrics on the current state of the program to CIO and other senior leadership
Communicates regularly with leadership team and staff on open issues, strategy and to ensure alignment between the security and enterprise architectures and infrastructure.
Works directly with business units to facilitate IT risk assessment and risk management awareness.
Responsible for a small number of direct staff & approximately $1.6M budget. Role seeks to influence all IT and business staff in achieving best practice behaviors for information protection.
Key knowledge and experience areas
Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; excellent understanding of information security concepts, protocols, industry best practices and strategies as well as the industry vendor space.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls and technical/functional specifications.
Knowledge and understanding of relevant legal and regulatory requirements (e.g. GDPR, SOX, PCI)
Must be able to prioritize work efforts, balancing operational tasks with long-term strategic security efforts.
An understanding of operating system internals and network protocols.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
Strong leadership capability, executing as appropriate within area of responsibility
5+ years of experience in network security and system security administration, vulnerability management and security penetration techniques
Professional security management certification CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or other similar credentials.
This job description is intended to describe the general nature and level of work performed. It does not include all responsibilities and skills required of the job and may be changed at any time. All responsibilities must be completed in compliance with all safety protocols, policies, procedures and consistent with the spirit and philosophy of The Andersons’ Statement of Principles.
Note: The statements herein are intended to describe the general nature and level of work being performed, but are not to be seen as a complete list of responsibilities, duties, and skills required of personnel so classified. Also, they do not establish a contract for employment and are subject to change at the discretion of the employer. The Andersons, Inc. is a Drug-Free Workplace. The Andersons, Inc. is an EO employer – M/F/Veteran/Disability/Gender Identity/Sexual Orientation.
Note: The Andersons, Inc. conducts drug and alcohol testing of applicants and employees. A copy of our drug and alcohol testing policy is available by contacting the HR Department at firstname.lastname@example.org .
We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.