**If you are a current FIB employee, please apply through the Career Worklet in the Employee Portal.
This position may be located at First Interstate Bank's offices in Billings, Colorado, Idaho, Iowa, Missouri, Montana, Nebraska, Oregon, South Dakota, Washington and Wyoming.
What's Important to You
We know your career is just one aspect of a meaningful, complex, and demanding life. That's why we designed our compensation and benefits package to provide employees and their families with as much choice as possible.
- Generous Paid Time Off (PTO) in addition to paid federal holidays.
- Student debt employer repayment program.
- 401(k) retirement plan with a 6% match.
- The health and happiness of the places we call home matter to us. Learn a little more about what we do for the communities we serve and why we want YOU to be a part of it.
We encourage you to apply. Reach for what you want and tell us why your work ethic and willingness to learn make you a natural fit for #TeamFirstInterstate.
SUMMARY The Cybersecurity Architect leads and supports the Chief Information Security Officer in maintaining visibility and providing oversight and guidance of technical cybersecurity aspects of projects, products, systems, applications, and services. This position collaborates with the Enterprise Architecture team to understand business goals and objectives and provide leadership to guide technology towards secure configuration and management. Also, this position creates deliverables for managing the security architecture of systems and technology throughout the organization.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Leads the development of roadmaps for strategic planning and long-term goals, ensuring technology is designed and implemented according to cybersecurity best practices and sound enterprise architecture principles for all environments, including cloud and on-premises infrastructure.
- Creates governing cybersecurity architecture standards, including practices for data encryption and tokenization based on the organization's data classification criteria.
- Collaborates with the management team to develop or recommend updates to cybersecurity standards to be reviewed and approved by executive management and/or formal authorization by the Chief Information Security Officer (CISO).
- Leads the creation, development, and maintenance of security architecture artifacts (e.g., models, templates, standards, and procedures), leveraging the Enterprise Architecture tool to integrate security capabilities in projects and operations.
- Identifies needs and leads performance of appropriate security reviews, identifying gaps in security architecture, and developing a security risk management plan for addressing these gaps.
- Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risks.
- Establishes and builds relationships with the Enterprise Architecture team to develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities aligned with business, technology, and threat drivers.
- Establishes and builds relationships with IT management and teams to foster a collaborative environment for defining and ensuring systems are built to baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, identity and access management (IAM), and cloud deployments.
- Guides the collaboration and coordination with the data, security, and architecture teams to document data flows of sensitive information (e.g., PII or ePHI) and recommend controls to ensure adequate security (e.g., encryption and tokenization).
- Leads the research and coordination with the vendor management (VM) teams' security assessments of new, prospective, or emerging technologies, especially those with which the organization shares intellectual property (IP) and regulated or protected data. Evaluate statements of work (SOWs) and master services agreements (MSAs) to ensure adequate security protections.
- Liaises with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls.
QUALIFICATIONS To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
KNOWLEDGE, SKILLS AND ABILITIES
- Knowledge and experience with financial regulations such as Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley (SOX), Privacy Practices, Gramm-Leach-Bliley Act (GLBA), NIST Cybersecurity Framework (CSF), Center for Internet Security (CIS) Critical Security Controls, and other cybersecurity frameworks, architecture, and technology.
- Experience in using architecture frameworks such as The Open Group's TOGAF.
- Direct, hands-on experience or strong working knowledge of managing security infrastructure such as firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology, and vulnerability management tools.
- Knowledge of defense in depth and zero-trust network architecture (ZTNA).
- Full-stack knowledge of IT infrastructure: Applications, Databases, Operating Systems (Windows, Unix, and Linux), Hypervisors, IP Networks (WAN and LAN), Storage Networks (Fibre Channel, iSCSI, and NAS), Backup Networks and Media, Containers/Kubernetes, Public Cloud Services, and Securing Public Cloud Services.
- Knowledge of various aspects of an enterprise technology architecture like business, information, data, network, and security.
- Understanding and knowledge of system development life cycle methodologies (such as waterfall, spiral, agile software development, rapid prototyping, incremental, synchronize and stabilize, and DevOps).
- Understanding and knowledge of IT standards and controls.
- Excellent understanding of application development methodologies and infrastructure and network architecture.
- Excellent analytical, planning, organizational, and technical skills.
- Excellent written and verbal communication skills.
- Skilled at influencing, guiding, and facilitating stakeholders and peers with decision-making.
- Ability to articulate new ideas and concepts to technical and nontechnical audiences.
- Ability to understand the long-term ("big picture") and short-term perspectives of situations.
- Ability to translate future-state business capabilities and requirements into solution architecture requirements.
- Ability to propose and estimate the financial impact of solution architecture alternatives.
- Ability to work creatively and analytically to solve business problems and propose solutions.
- Ability to quickly comprehend the functions and capabilities of new technologies.
EDUCATION AND/OR EXPERIENCE
- Bachelor's Degree in Computer Science, Information Systems, Cybersecurity, or a related field required and
- Master's Degree in Computer Science, Information Systems, Cybersecurity, or a related field preferred
- 4-6 years' experience as a Cybersecurity Architect or Engineer, with demonstrated experience designing or building multiple components of IT and/or cybersecurity infrastructure required
LICENSES AND CERTIFICATIONS
- CISSP Certified Information Systems Security Professional preferred
- Certified Information Systems Auditor (CISA) preferred
- Certified Information Security Manager (CISM) preferred
- Global Information Assurance Certification preferred
PHYSICAL DEMANDS AND WORKING ENVIRONMENT The physical demands and work environment are representative of those that must be met or encountered to successfully perform the essential functions of the job. In compliance with the Americans with Disabilities Act, the company provides reasonable accommodation to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.
- Dexterity of hands/fingers to operate computer keyboard and mouse - Frequently
- Lifting - Occasionally (up to 50 lbs)
- Sitting - Frequently
- Standing - Occasionally
- Noise Level - Moderate
- Typical Work Hours - M-F (8-5)
- Regular and Predictable Attendance - Required
COMPENSATION & BENEFITS We offer a competitive total compensation package including base salary and benefits. The pay range for this position is $107,910 to $178,090 per year (in CO & WA) and depends on a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills and experience, education, and geographic location. Additionally, this role is eligible to receive annual discretionary cash and stock bonuses. Benefits available for this position include, but are not limited to, medical, dental, vision, short-term and long-term disability benefits and life insurance, flexible spending accounts, health savings account, employee assistance program, 401(k), Paid Time Off (new hires accrue at .069 per hour worked, which equates to approximately 18 days per year inclusive of paid sick time) and up to 11 paid Federal holidays. Please note this information is provided for those hired in Colorado and Washington only, and this role is open to candidates outside of Colorado and Washington with compensation that aligns with your location. For more information regarding our benefits, please visit https://www.firstinterstatebank.com/company/about/employee-benefits.php.