Information Security Architect Sr (Envigado, Colombia)

Envigado, Colombia

O-I

O-I Glass is a leading glass bottle manufacturer, designing innovative glass packaging for the world's leading brands. We love infinitely recyclable, healthy, sustainable glass packaging.


Company Description

About O-I 

We are reimagining the glassmaking process. We are not afraid to push boundaries as we transform an industry that has manufactured glass in nearly the same way for over 100 years. We threw away the playbook and went about designing and implementing new technology, innovating processes and bringing new benefits to our customers. This is just the beginning as we expand our offering and implement future technologies across our operations.

We are part of O-I, which, with 25,000+ employees and an unparalleled footprint spanning 70 plants in 20 countries, provides us with the opportunity to make an impact on a global scale.

Job Description

The Information Security Architect is responsible for the identification and design of solutions to protect O-I information assets. This critical position ensures that security is incorporated in the planning of projects and initiatives with an impact on information technology (IT) resources.

This role works with enterprise architects, IT operations teams, business stakeholders, third parties and external service providers to ensure that the protection of enterprise resources complies with internal information security controls, security policies and regulatory requirements.

The Architect also drives the creation and regular updates of the Information Security strategy, vision, roadmap, project portfolio including budget and resources, conducts research of new technologies, designs solutions, and monitors compliance of these activities.

PRINCIPAL ACCOUNTABILITIES

  • Collaborate with other O-I architects and lead the definition of standards to support information security and regulatory compliance objectives functioning as security IT architect.
  • Maintain a rolling one- to three-year vision (roadmap) of the enterprise information security function.
  • Provide security oversight on projects to ensure alignment with corporate policies, legal, and regulatory requirements, security guidelines, customer security requirements, and industry standards.
  • Monitor the emergence of new threats and vulnerabilities, assessing impacts to the O-I environment and identifying mitigating activities as appropriate.
  • Stay abreast of relevant technology and security trends in order to evaluate new/future information security capabilities or requirements.
  • Support the development of information security policies and standards and oversee their consistent application across the global technical infrastructure.
  • Plan security systems by evaluating network and security technologies; considering requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), intrusion prevention/detection (IDS/IPS), routers, firewalls and public key infrastructures (PKIs), including use of certification authorities (CAs).
  • As part of the global team, develop, test and implement network and perimeter security strategies for future O-I requirements. Convey results to management and, if appropriate, assist in preparation of a PSR.
  • Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recovery/restoration.
  • Document and address organization's information security, cybersecurity architecture and systems security engineering requirements throughout the acquisition life cycle.
  • Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines.
  • Identify and prioritize critical business functions in collaboration with organizational stakeholders.
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Provide input on security requirements to be included in statements of work and other appropriate procurement documents.
  • Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
  • Analyze candidate architectures, allocate security services, and select security mechanisms.
  • Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.

Qualifications

  • Bachelor’s degree or equivalent in Computer Science, Cyber Security or a related discipline.
  • Minimum of 10 years of experience in IT, with at least 7 years in information security or similar, relevant field.
  • English Language Proficiency: Advanced level (B2+)

Skills and Abilities

  • IT strategy and Enterprise Architecture: Experience with practices, methods, and tools, including systems like Open Group Architecture Framework (TOGAF).
  • Cybersecurity and Security Architecture: Understanding of security architecture principles, familiarity with defense-in-depth leading practices and industry security control frameworks (NIST CSF/800-53, NIST 800-37, ISO 27000). Ability to apply cybersecurity and privacy principles to organizational requirements.
  • Risk Management: Expertise in risk assessment, vulnerability scanning, and identity and access management.
  • Regulatory Impact: Expertise in implementing regulatory rules and controls in IT environments. Cooperation with Legal teams around the world.
  • Networking & Security: Proficiency in network design, network security, and public key infrastructures.
  • Data Governance: Understanding of information classification and data modeling at an enterprise level.
  • Technical Proficiency: Broad knowledge of IT areas like virtualization, cloud computing, and mobile devices.
  • Industry Knowledge: Awareness of industry regulations, frameworks, and standards.
  • Communication & Collaboration: Strong verbal and written communication skills, including English proficiency, and demonstrated team collaboration and relationship building.
  • Problem-Solving: Responsive and thorough problem-solving skills.
  • Liaison Skills: Ability to act as a liaison between various IT roles.
  • Business Awareness: Pragmatism in balancing security controls with business risk.
  • Certification: TOGAF preferred.
  • A recognized industry certification, including one or more of the following, is desirable:
    • (ISC)2 Certified Information Systems Security Professional (CISSP)
    • Information Systems Security Architecture Professional (CISSP-ISSAP)
    • GIAC Information Security Professional (GISP)
    • GIAC Certified Perimeter Protection Analyst (GPPA)
    • GIAC Certified Enterprise Defender (GCED)
    • Certified Ethical Hacker (CEH)
    • CCNA/CCNP/CCIE Security, MCSE, CNE, SANS Certification
  • Information Security: Expert knowledge of security principles and practices, including those specific to cloud environments.
  • Networking & Security: Understanding of computer networking, protocols, traffic flows and related models (TCP/IP, OSI), and remote access technologies.
  • Risk & Security Management: Familiarity with risk assessment, mitigation, laws and policies related to cybersecurity, security management concepts, and Risk Management Framework.
  • Cyber Threats & Defences: Knowledge of cyber threats, vulnerabilities, impact of security lapses, defence tools, and application firewall functions.
  • Authentication & Cryptography: Knowledge of access control methods and cryptographic concepts, including current and emerging data encryption.
  • Business Continuity & Disaster Recovery: Familiarity with continuity and disaster recovery plans.
  • Enterprise Security Architecture: Understanding of the organization's security architecture and Security Assessment process.
  • IT & Cybersecurity Technologies: Awareness of new and emerging IT and cybersecurity technologies.
  • Software and Systems Testing & Integration: Understanding of systems testing methods and technology integration processes.
  • Critical Infrastructure: Knowledge of critical infrastructure systems.
  • Data Security: PII, IP and other sensitive or business centric data security standards, and cybersecurity-enabled software.
  • Fault Tolerance & Demilitarized Zones: Familiarity with system fault tolerance methodologies and demilitarized zones.

Additional Information

Hybrid Work Model: We provide a flexible work arrangement, requiring employees to be on-site at our office in Centro Comercial Viva, Envigado for 2 days per week, with the remaining 3 days working from home.

Travel Requirements: Less than 10% domestic or international travel might be required for this role.

Category: Architecture Jobs

Tags: CCIE CCNP CEH CISSP Cloud Compliance Computer Science Cryptography Encryption Firewalls GCED GIAC Governance IAM IDS Intrusion prevention IPS ISO 27000 Network security NIST NIST 800-53 Privacy Risk assessment Risk management RMF SANS Security assessment Security strategy Strategy TCP/IP TOGAF VPN Vulnerabilities

Perks/benefits: Career development Flex hours Team events Travel

Region: South America
Country: Colombia
