Job Detail
The primary goal of Technology Governance Risk & Control Architecture is to support the global business operations by developing security architecture to help manage risks with an enterprise scope.
This position works in a team environment to provide:
- Collaboration with TGRC Risk Management teams, Platforms, Functions and business units to provide architectural solutions related to enterprise security;
- Product selection, engineering, SME and infrastructure security solutions, tools and standards;
- Project design for enterprise security architecture, including but not limited to: external connectivity, control frameworks, application security and identity and access management;
- Development of Infrastructure Security policies, standards, and procedures;
- Requirements for Enterprise Security Architecture;
- Managed security product lifecycles; and,
- Effective and efficient business and vendor relationships.
Specifically, this role will develop knowledge of business application access, processes, policies, and tools to assist in the identification and management associated with enterprise security architecture, such as third-party network connectivity, MAD/JV integrations and technology risks. The position will drive collaboration with the Technology Governance Risk & Controls (TGRC) organization, Enterprise Architecture, and third-party providers in assisting business partners in addressing architectural risk and in the development of mitigating controls.
Examples of the responsibilities include, but are not limited to, creating secure architectures and solutions, collecting and analyzing network connectivity, determining secured architecture and technology with third parties, and analyzing business partners' applications and data flow. The Architect will manage architectural templates such as a Network Security Design (NSD) and ensure the effectiveness of architectural processes. In addition, the Architect will provide regular updates to the Risk Management committee, manager and others, as well as technology risk consultation to business partners.
50% - Strategy & Execution
- Design, document and remediate enterprise risks in areas such as network connectivity, application data flow, new technologies and business processes.
- Focus on new, disruptive, innovative technologies (Cloud, Mobility, Analytics) that require an integrated security architecture.
- Create and streamline enterprise security processes.
- Oversee the NSD process for creation, modification and lifecycle of documentation.
- Meet with key technical resources from IT and business to define and document processes and solutions.
- Consult, validate and monitor implementation of enterprise risk management solutions and processes such as NSD activities.
- Collaborate with other IT consultants on common risks to achieve optimization and coordination of remediation activities.
- Provide reporting on the progress and activities related to the solutions and processes to the Technology Risk & Control Manager and others.
- May be asked to lead a sub-area for Enterprise Security Architecture.
25% - Consulting
- Provide consulting and training where appropriate on the Network Security Design (NSD) document.
- Provide architecture designs and proper controls for effective implementations of business and technology processes.
- Collaborate with Technology Risks Managers and Analysts on technology risks, gaps, reviewing Risk Watch, audit issues, and emerging risk themes to provide architectural solutions for enterprise risk themes.
- Provide policy analysis and alignment with business practices and processes.
- Enrichment of existing processes and tools across the enterprise regarding Enterprise Risk Management areas of interest.
- Considered an SME in one or more of the following areas: Cloud, Mobility, Integration Identity & Access Management, Network, Distributed Systems, engineering, or security tools and standards.
25% - Governance
- Lead and contribute to definition and maintenance of enterprise infrastructure security related policies and standards.
- Monitor and align information security objectives to external regulations, e.g. ISO 27001.
- Production of metrics and reporting, risk, capabilities, dashboard, compliance.
- Definition and maintenance of operational model; Global Playbook, stakeholders RASCI.
Qualifications
Required Qualifications
- Bachelor's degree in Computer Science, MIS, Computer Engineering or equivalent.
- 10+ years of IT and business/industry work experience. 5+ years of in-depth security experience.
- Demonstrated experience in independently managing priorities & workload effectively and making timely decisions.
- Demonstrated experience moving from concept to implementation effectively.
- Demonstrated professional experience working independently and in a team environment in an architectural capacity.
- Working knowledge and experience with Cloud (i.e. O365, AWS, Azure) design principles and security architectures.
- Deep understanding of the application and integration of security technologies (e.g. Next-gen FW, PKI, SIEM, access control, DLP, DRM, IPS, etc.) and how security technologies support an overall security program.
- Working knowledge of modern federated identity management and access control in cloud environments.
- Demonstrated customer focus and strong interpersonal skills in terms of effective listening, patience, composure, and conflict management.
- Demonstrated initiative and drive to solve complex security challenges.
- Demonstrated ability to lead through influence, adapt to adversity, and drive for results (resilient).
- Effective communication, teaming and leadership skills encompassing cross-functional teams, peer relationships, informing, and understanding and appreciating differences.
Preferred Qualifications
- Industry security certifications (i.e. CISSP, CISSP-ISSAP, CISA, CISM)
- High learning agility and the ability to learn on the fly, manage through systems and common processes, and have sufficient overall intellectual horsepower to address the demands of the team.
- Working knowledge and experience with one or more of the following: Cloud Security tools, Mobile, Analytics, and/or SharePoint security.
- Demonstrated process improvement experience and/or relevant certification.
- Experience working with effective lifecycle management programs.
- Proven record of high performance in problem solving & collaborating.
Terry Bonertz, 952-841-9510 ext. 1, terry@involveit.com