As a member of the Bloomin’ Brands Security team, the Security Architect contributes a high level of specialized knowledge and skill in Cyber Security to support the security and business objectives. Maintains Bloomin Brands’ high standard of security compliance in a rapidly changing, fast paced environment. This hands-on role works closely with business units and leadership to develop a risk/security/compliance framework; designing, planning, implementing, testing and auditing compliance requirements to ensure consistent adherence to company regulating entities (PCI, 3rd Party Risk). This individual works cross-functionally at all levels of the enterprise to ensure the security compliance strategy is being implemented effectively and in a timely manner.
Architecture Responsibilities (Primary Role)
* Enterprise Security SME responsible for the vetting and approval of all 3rd party vendors who desire to conduct business on behalf of Bloomin’ Brands. assuring appropriate security controls are embedded in the service offering
* Provides leadership for all IT projects requiring security certification and approval assuring that the security framework is built within the project design and functionality.
* Collaborates with Legal Team to review customer and vendor contracts to ensure that information security requirements are met
* Develops the technical artifacts that document the enterprise information security architecture and solutions
* Ensures security architecture standards and solutions meet business objectives and regulatory compliance requirements
* Contributes to the development and maintenance of the Information Security technology plans (roadmaps)
* Communicates security risks and solutions to business partners and IT staff
* Maintain knowledge of the IT security industry including the awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors; recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security
* Architect and design security solutions with minimal oversight
* Participates in evaluation of vendor proposals and solutions
Engineering Responsibilities (Secondary Support Role)
* Monitoring of security events in the SIEM, as well as other security feeds and then take appropriate action based on the company security policy.
* Knowledge of firewalls, intrusion detection/prevention systems and various Operating Systems.
* Be an advocate of information security and privacy programs across the company.
* Provide management with metrics and reports.
* Serves as an internal security threat/incident response subject matter expert.
* Perform the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing solutions in accordance with standard best operating procedures and the enterprises’ security documents
* Maintain and administer the corporate security tools, including but not limited to:
o Vulnerability Management
o Endpoint Security tools
o Password Vault
o Forensic Tools / Malware analysis
o Cloud and On-Premise environments
* Provide technical security leadership when investigating security incidents
* Monitor, configure and upgrade the necessary controls and procedures to cost-effectively protect information systems assets from intentional or inadvertent modification, disclosure or destruction; monitor systems and security tools for security alerts and escalate as needed
* Update existing departmental documentation and create documentation for new processes; develop and implement information security policies, standards and procedures
* Participate in the planning and design of enterprise security architecture
* Bachelor Degree in Computer Sciences, or equivalent prior work experience in a related field.
* One or more of the following certifications is required (Security+, Network+, CISSP, CCSP and CRISC). CISSP and CCSP are preferred
* Experience with PowerShell required and Python is a plus
* A broad understanding of the security landscape and its business context / impact
* Exceptional written and verbal communication skills, including the ability to describe technical concepts and put them into a humanized context.
* Eight to ten years in a computer related field, with at least seven in Information Security.
* Strong knowledge of OWASP, NIST, PCI, and best practices.
* Strong security knowledge and conceptual understanding of current technologies such as firewalls, VPNs, IDS/IPS and other security devices.
* Strong analytical skills (i.e., technical and non-technical problem solving skills).
* Must have the ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management.
* Possess strong interpersonal and project management skills
* High personal credibility and integrity.
* Must have the ability to work and effectively prioritize in a highly dynamic work environment.