Information Security Architect
On-site
Full Time
#Information Security
#Security
#PCI
#SOX
#Problem Solving
#Relationship Building
#Communication
#Presentation
#Risk Management
#Network Security
#Vulnerability Management
THE OPPORTUNITY
The Information Security Architect is a critical technical role responsible for ensuring the secure design and compliance of Dillard's enterprise architecture to effectively and securely support the organization in meeting specific business technology needs. In this role, you will be considered a technical expert. As the ideal candidate, you will be expected to execute architecture design reviews to evaluate security controls, identify opportunities to enhance the security posture of the Dillard's environment, and build relationships with infrastructure architects and leads to disseminate and explain secure design methodologies and policies. You will also understand the landscape and components of modern architecture and the methods to deploy them securely.
THE TEAM
The Information Security team is expected to be high-performing. To meet this expectation, the team members are communicative and collaborative, always sharing knowledge and research with one another. Members of this team should be able to understand what is expected of them and adjust on the fly, as priorities may change depending on the company's needs. If you are someone who sets a standard of excellence for yourself and you enjoy working alongside others who set the same standard and who genuinely want each of their peers to succeed, you may be the perfect addition to this team.
WHAT YOU WILL DO
- Define and develop security requirements based on business strategies, risk assessments, threat modeling, testing, and existing system analysis
- Collaborate with enterprise architects, application development, and IT to review existing and proposed systems, identify security design gaps, and recommend changes or enhancements
- Cross-train other team members on projects and new security technologies
- Review business processes from a security perspective to identify risks and propose mitigations and/or compensating controls
- Ensure systems and applications are implemented to meet security and compliance requirements such as PCI, SOX, and other cybersecurity frameworks and laws
- Assist security leadership with overall security strategy, policies, and standards to continuously improve our security posture
- Create and review technical diagrams of infrastructure and data flow diagrams using Visio or comparable tools
THE “MUST-HAVES”
- Experience designing and implementing security controls to improve security
- Solid knowledge of security risks/threats to large organization systems and networks and ability to address those threats
- Experience designing systems to meet regulatory compliance, such as PCI, SOX, etc.
- Strong problem-solving skills and ability to analyze and resolve problems
- Ability to translate complex technical information across all levels of the organization
- Strong relationship-building skills with business stakeholders
- Excellent interpersonal, communication, and presentation skills
THE “NICE-TO-HAVES”
- Experience in multiple areas of information security, such as:
  - Identity and Access Management
  - Application Security, cryptography, and protocols
  - Secure System Development Life Cycle
  - Vulnerability management and penetration testing
  - IT and configuration management
  - Network Security
- Extensive knowledge of the administration and management of multi-dimensional operating systems, databases, and applications
- Thorough understanding of the standard network model and the risks present at each layer, cryptography, and the functions of key management, SSL, and TLS
- 5-7 years of relevant experience and a Bachelor's degree in Computer Science or equivalent
WITHIN 1 MONTH, YOU’LL
- Understand the Security disciplines within Information Security
- Understand the Risk Management program at Dillard's, including Third-Party and Internal Risks
- Understand major environments (eCommerce, Store, Distribution Centers, Network)
- Leverage tools to investigate and validate architectures
WITHIN 2 MONTHS, YOU’LL
- Conduct Third-Party risk assessments and provide reports for review
- Assess and review IT Risk Acceptance items and provide feedback
- Document architecture for Dillard's IT environments (e.g. project solutions, functional solutions)
WITHIN 3 MONTHS, YOU’LL
- Analyze and document internal risks within Dillard's IT environments
- Work with the Information Security Architecture and Risk Management team in developing Information Security strategies
- Work with IT teams by providing Security Architecture consulting
Dillards