Director Enterprise Security Architecture - Phoenix, AZDate posted 03/27/2018
Freeport-McMoRan is a premier U.S.-based natural resources company with headquarters in Phoenix, Arizona. We operate large, long-lived, geographically diverse assets with significant proven and probable reserves of copper, gold and molybdenum. The company has a dynamic portfolio of operating, expansion and growth projects in the copper industry. Freeport-McMoRan is the world’s largest publicly traded copper producer, the world’s largest producer of molybdenum and a significant gold producer. We have a long and successful history of conducting our business in a safe, highly efficient and socially-responsible manner.
We have the assets, the talent, the drive and the financial strength to provide attractive and rewarding careers for our employees. We encourage you to take some time to explore your career opportunities at Freeport-McMoRan.
The role of the Director Enterprise Security Architecture is to provide leadership and management for MIS Security Architects and Contractors on technical Security Architecture, Security Engineering, and Security Processes. Overall control landscape includes Vulnerability Management, Access Control, Identity, Encryption, Endpoint, DLP, Messaging, Secure Software Development Lifecycle, Network Security, and Disaster Recovery. This position manages the interface between MIS Security, MIS Infrastructure Architecture, and MIS Applications Architecture, and ensures project-level solution designs support long-term global enterprise architecture standards and portfolio roadmaps. The incumbent must effectively work with MIS leadership including the CIO, Directors, Managers, and Staff.
Responsible for managing a team that provides Security Architecture services including contractors and vendors.
Coach and train team in Information Security policies and standards, security process and design frameworks, and delivery of cybersecurity services
Develop both short and long-term Enterprise Security system technology roadmaps based on an understanding of the organizational strategic requirements, risk landscape, technology context and business needs
Represent Security interest in the Architecture Review Board (ARB) meetings, and ensure development of reference architecture documentation and presentation of initiatives in the ARB
Oversee the design and integration for IAM functions including identity management, account provisioning, entitlements review, authentication processes, logging, enterprise roles management, and authoritative sources for identity and its attributes; provide project support in the process re-engineering and automation of existing processes
Oversee the design and integration for network security functions including firewalls, remote access, network access control, network activity monitoring, forensics, and other attributes; provide project support in the process re-engineering and automation of existing processes
Oversee the design and integration for technologies and processes around threat and vulnerability management to include identification, analysis, remediation, and reporting
Extend TVM integration into processes and procedures for security incident response
Oversee the design and integration of cyber security controls within the Software Development Life Cycle (SDLC)
Support the security configuration and change management function to include configuration reviews and security tool feature enablement
Perform other duties as required
Bachelor’s degree in MIS or related field AND
Ten-plus (10+) years of IT experience with a minimum of four (4) years in Security Architecture to include:
Strong background in Security technology design and architecture
Experience in working with current and emerging Information Security technologies and development methodologies
Effective leader, visionary, and implementer with demonstrated experience in advising and influencing Senior Management
Excellent analytical skills: able to break down complex, multi-faceted problems into actionable steps without over-simplification
Ability to communicate Security-related concepts to a broad range of technical and non-technical staff in an intelligent, articulate, and persuasive manner
Strong technical, facilitative and collaboration skills, organizational and time management skills, communication (verbal and written) and interpersonal skills
- Security Certifications such as CISSP, CISM, GWEB, GSSP-.NET, GWAPT, etc.
- Understanding of IAM technologies and processes including account provisioning, role management, entitlement review and identity management
- Experience with Cloud platforms such as Azure
- Experience with SQL, PKI, SAML, XML
- Experience with security architecture related to protocols such as SNMP, HTTP(s), SOA, Web Services
- In-depth understanding of network security issues, security event logging / monitoring, operating systems (Windows, Unix), Firewalls, Intrusion prevention, AV technologies, authentication mechanisms, vulnerability assessment & scanning tools, application security assessments, incident response and knowledge of common information security management frameworks
- Experience working with software developers and experience with application design reviews and threat modeling
- Experience with regulatory compliance such as SOX
- Active in professional security organizations such as ISSA, OWASP, SANS, FUEL, etc.
- Ability to understand and apply verbal and written work and safety-related instructions and procedures given in English
- Ability to communicate in English with respect to job assignments, job procedures, and applicable safety standards
- Must be able to work in a potentially stressful environment
- Position is in busy, non-smoking office located in downtown Phoenix, AZ
- Location requires mobility in an office environment; each floor is accessible by elevator
- Occasionally work will be performed in a mine, outdoor or manufacturing plant setting, which may include exposure to extremes in temperature and humidity, moving mechanical parts, risk of electrical shock, toxic chemicals, explosives, fumes or airborne particles
- Must be able to frequently sit, stand and walk
- Must be able to frequently lift and carry up to ten (10) pounds
- Personal protective equipment is required when performing work in a mine, outdoor, manufacturing or plant environment, including hard hat, hearing protection, safety glasses, safety footwear, and as needed, respirator, rubber steel-toe boots, protective clothing, gloves and any other protective equipment as required
- Freeport-McMoRan promotes a drug/alcohol-free work environment through the use of mandatory pre-employment drug testing and on-going random drug testing as allowed by applicable State laws
- Site-based positions, or positions which require unescorted access to site-based operational areas, which are held by employees who are required to receive MSHA, OSHA, DOT, HAZWOPER and/or Hazard Recognition Training; or
- Positions which are held by employees who operate equipment, machinery or motor vehicles in furtherance of performing the essential functions of their job duties, including operating motor vehicles while on Company business or travel (for this purpose “motor vehicles” includes Company owned or leased motor vehicles and personal motor vehicles used by employees in furtherance of Company business or while on Company travel); or
- Positions which Freeport-McMoRan has designated as safety sensitive positions in the applicable job or position description and which upon further review continue to be designated as safety-sensitive based on an individualized assessment of the actual duties performed by a specifically identified employee.
JobDirector Enterprise Security Architecture - Phoenix, AZ
Primary LocationUnited StatesArizonaPhoenix Corporate Office
See What's Inside
Get a glimpse of what it's like to work here.