Global Information Security Architect

CooperVision, a division of CooperCompanies (NASDAQ:COO), is one of the world’s leading manufacturers of soft contact lenses. The Company produces a full array of daily disposable, two-week and monthly contact lenses, all featuring advanced materials and optics. CooperVision has a strong heritage of solving the toughest vision challenges such as astigmatism, presbyopia and childhood myopia; and offers the most complete collection of spherical, toric and multifocal products available. Through a combination of innovative products and focused practitioner support, the company brings a refreshing perspective to the marketplace, creating real advantages for customers and wearers. For more information, visit www.coopervision.com.

Job Summary:

The security architect provides expert guidance for addressing current security issues but has the foresight to see where the industry is headed and proactively deliver optimal secure solutions. The architect is expected to think like an adversary and identify how solutions should evolve as the threat landscape changes. A senior-level role, the architect possesses strong communication and organizational skills, and the ability to guide less experienced coworkers. The architect provides technical leadership to delivery and solution design team members, and advises executive leadership regarding matters of significant importance to the organization.

• Remain current with new security threats and assess systems to ensure they can defend the business.
• Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership.
• Research, validate and deploy solutions meeting security and business needs.
• Formally develop security team standards, policies, procedures and processes.
• Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Possess a DevOps focus across technology and security architecture, automation, integration and distribution.
• Drive security efficiencies, enabling security team members to work on more advanced tasks. 
• Partner, coach and functionally lead IT, engineering, development and business teams.
• Perform engineering performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted. 

Travel Requirements: 5%

Knowledge, Skills and Abilities:

• Experience with Amazon Web Services (AWS), Microsoft Azure, and Google Public Cloud (GPC).
• Proficient with scripting in Python, JavaScript, PowerShell, PHP or Ruby.
• Familiarity with modern frameworks and programming practices.
• DevOps background with experience in compliance obligations, including experience with version control systems such as Git.
• Experience with one or more of the following: ISO 27001, NIST, Payment Card Industry Data Security Standard (PCI DSS), Health Information Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Sarbanes-Oxley Act (SOX) the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2.
• Working knowledge of Windows, Linux and Unix.
• Familiarity with state and international privacy laws.
• Ability to think strategically and tactically, with effective decision-making skills.
• Experience with purple teaming (red and blue) to train, identify and remediate issues cohesively.
• Ability to comprehend complex technical documentation and create comprehensive documentation for technical teams.
• Highly trustworthy; leads by example.

Work Environment:

• Normal office environment
• Prolonged sitting in front of a computer

Experience:

• At least 10+ years’ experience in cybersecurity, including compliance and risk management with a background in system and network security engineering.
• A proven deep background (preferred 5+ years in addition to cybersecurity) in technology design, implementation and delivery. 
• Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private and hybrid environments.
• Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls. 
• Excellence in communicating business risk from cybersecurity issues.
• Experience driving measurable improvement in monitoring and response capabilities at scale.
• Experience architecting SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.

Education:

• Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent experience.
• CISSP (required); CISM and/or SANS certifications preferred

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

For U.S. locations that require disclosure of compensation, the starting base pay for this role is between $139,958.00 and $ 199,940.00 per year and may include cost of living adjustments.  The actual base pay includes many factors and is subject to change and modification in the future.  This position may also be eligible for other types of compensation and benefits.

#LI-RK1