Duties and Responsibilities:

• Primarily responsible globally for leading and evolving Crown’s security architecture specifically focused on the development of visionary technical architecture, design, and implementation of security solutions that will securely enable our lines of business.
• Ideal candidate will set the security architecture strategy and vision for the organization in partnership with the CISO, peer security and IT leaders.  Candidate will create the vision and be an evangelist of the strategy to assure it is instituted within Crown. This is a critical role that partners with other security, technology, business, and regional leads across Crown.
• Candidate will drive the security technology practice, oversee its governance, sponsor technical development and debate, be the trusted partner and advisor to CISO, information security team, infrastructure team, and key business partners while driving adoption through cross-functional teams in multiple geographies.  
• Serve as a "trusted advisor" on security architecture and related technologies.
• Partner as needed across the rest of Crown organization.
• Develop and maintain a security architecture processes and patterns that enables the enterprise and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
• Develop security strategy plans and roadmaps based on enterprise architecture practices.
• Track developments and changes in Crown’s business and threat environments to ensure that they're addressed in security strategy plans and future architecture.
• Participate in application and infrastructure projects to provide security-planning advice.
• Draft security procedures and standards to be reviewed and approved by the appropriate senior leaders.
• Lead / partner/facilitate the development of baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
• Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data policies.
• Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues.
• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
• Review network segmentation to ensure least privilege for network access.
• Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls.
• Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team.
• Review security technologies, tools, and services to make recommendations to the broader security team for their use, based on security, financial and operational metrics.
• Liaise with other architects and security practitioners to share best practices and insights.
• Lead external assessments and develop remediation roadmaps as needed.

Job Requirements

• Ten years or more experience in enterprise level security architecture and engineering. Experience in using architecture methodologies.
• Direct, hands-on experience or strong working knowledge of managing security elements such as firewalls, intrusion detection/prevention systems (IDS/IPS), web application firewalls (WAFs), endpoint protection, identity & access management, SIEM, encryption technology. 
• Direct, hands-on experience or a strong working knowledge of vulnerability management concepts and tools.
• Experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.
• Full-stack knowledge of IT infrastructure: Applications, Databases, Operating systems — Windows, Unix and Linux, Hypervisors, IP networks — WAN and LAN, Storage networks, backup networks and media.
• Direct experience designing IAM technologies and services: Active Directory / Azure Active Directory, Lightweight Directory Access Protocol (LDAP)
• Strong working knowledge of IT service management (e.g., ITIL-related disciplines):  Change management, Configuration management, Asset management, Incident management, Problem management, ISO 27001/2, NIST Cybersecurity Framework (CSF)
• Must have a strong understanding of the latest trends and how to incorporate relevant emerging technologies without creating extensive complexity.

Education: 

• Bachelor’s Degree in Information Systems, Computer Science, Engineering, or other related fields required 
• CISSP (Certified Information Systems Security Professional) certifications are preferred but not required.