Job Description:

Location: Monterrey or Matamoros, Mexico

Applications from persons not living in Mexico will NOT be accepted.

An advanced skillset position, the Information Security Architect interacts frequently with security leadership as well as audit and compliance. The role is responsible for designing security solutions that protect the business while allowing the business to execute and innovate. The architect works closely with many diverse and dynamic teams, including, but not limited to, security administration, IT infrastructure, application development, security operations, IT risk, and end users. This position is also responsible for architecting and documenting solutions to secure business-to-business initiatives, third-party relationships, outsourced solutions, and vendors.

The Information Security Architect provides expert guidance for addressing current security issues and must have the foresight to see where the industry is headed and proactively deliver solutions that are secure and optimized for the business. The architect is expected to think like an adversary and identify how solutions should evolve as the threat landscape changes. A senior-level role, the architect possesses strong communication and organizational skills, and the ability to guide less experienced coworkers. The architect provides technical leadership to delivery and solution design team members.

Throughout the roles key responsibilities, the Information Security Architect must always consider opportunities to integrate security practices within earlier phases of IT and business processes to identify potential risks as soon as possible, reduce remediation costs, and avoid unnecessary re-work.

At times, the architect acts as a liaison with business stakeholders to understand the strategy and execution outlook.

Essential Job Duties

• Support the ability to shift left and incorporate security early and throughout project and development lifecycles.
• Possess a DevOps focus across technology and security architecture, automation, integration, and distribution. Simplify and automate activities to enhance efficiencies and conformity.
• Consistently learn and share advanced skills and practices that promote team excellence. Drive security efficiencies, enabling security team members to work on more advanced tasks.
• Perform engineering performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted.
• Build relationships with key stakeholders to incorporate security principles into design and deployment processes.
• Oversee implementation of defensive practices and countermeasures across infrastructure and applications.
• Serve as a point of contact for security-based escalations and remain tightly involved through resolution.
• Remain current with new security threats and assess systems to ensure they can defend the business.
• Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership.
• Lead and/or participate in the development of security team policies, standards, procedures, and processes.
• Influence the planning and execution of incident response and postmortem exercises, with a focus on creating measurable benchmarks to show progress (or deficiencies requiring additional attention).
• Partner, coach and functionally lead IT, engineering, development, and business teams.
• Support implementation, monitoring and operations of information security assets, programs, and projects.
• Actively participate and lead security team meetings that facilitate secure design.
• Engage in information security projects that evaluate existing security infrastructure and propose changes as defined by security leadership and architects. Additionally, deliver projects on time, within budget and in accordance with service level agreements.
• Assist with incident response and system stability issues as they occur. This may include involvement outside of regular work hours, and responsiveness is expected.
• Implement solutions observing compliance with applicable laws, regulations, and frameworks, such as NIST SP800-171, ISO 27001, GDPR, etc.
• Respond to and handle service and escalation tickets within service level agreements.
• Develop security test plans from architectural design. Identify deficiencies and make enhancements to ensure production is not impacted.
• Participate regularly in change project and change management

Skills and Experience

• 5+ years experience in information security, including compliance and risk management, with a system and network security engineering background.
• Proven deep background (preferred 5+ years in addition to security) in technology design, implementation, and delivery.
• Experience in cloud computing technologies, including software-, infrastructure-, and platform-as-a-service, as well as public, private, and hybrid environments.
• Extensive knowledge of traditional security controls and technologies, such as security information and event management (SIEM) systems, intrusion detection and prevention (IDS/IPS) systems, public key infrastructure (PKI), identity and access management (IAM) systems, data leak prevention (DLP), antivirus (AV), file integrity monitoring (FIM), and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration (SOAR), deception technologies, and application controls.
• Excellence in communicating business risk from cybersecurity issues.
• Experience driving measurable improvement in monitoring and response capabilities at scale.
• Highly technical and analytical expertise, with a proven deep background in technology design, implementation, and delivery.
• Skilled in meeting vulnerability and penetration testing requirements.
• Proven trustworthiness and history of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating well, including the ability to translate technical content into terms understandable by the business.
• Experience working in a multicultural environment with colleagues in different countries.
• Analytical and problem-solving mindset.
• Ability to quickly execute on strategic decisions to drive organizational results.
• Highly organized and efficient self-starter requiring minimal supervision.
• Strategic and tactical thinking, along with decision-making skills and business acumen.
• Proficiency with scripting languages such as Python, JavaScript, PowerShell, or Ruby is a plus.
• Experience with the following frameworks and standards is a plus: ISO 27001, TISAX, NIST SP800-171, SOX, GDPR, CIS CSC.
• Education Requirements
• Higher education with a degree in information security, computer science, MIS, or related field preferred.

Certification Requirements

• CISSP, CISM, SANS/GIAC or similar certification is required. ISSAP preferred.

Salary Package:
MX$ 90,000.00 - 100,000.00 (Mexican Peso)