Company name: JDA Software.

JDA is currently revamping its security posture completely after hiring our new CISO. The new focus will be on building an enterprise security organization that is enabled and empowered to deliver an end-to-end security service to the business. This role is directly supporting the professional services, 3rd party, and customer solutions and ensures that security will be architected and ingrained in all the professional services from the start. Overall this role will ensure that security requirements, designs, and developments for customers, performed by the professional services organization, will adhere to secure practices and to build state-of-the art security-by-design services (or product customizations).
This is a new role, reporting directly to the Director Security Architecture and Engineering of JDA. The Security Architect will support the Director to define, develop, and maintain the ongoing security development efforts across the professional services space and leveraging the global security organization's architecture standards and templates (or create / adopt these) to deliver a world-class and visionary approach that will enable a distinctive competitive advantage for the future.
Other peer functions this role will need to interact with on a daily basis are: the Senior Security Architect Network and Cloud, the Senior Security Architect Endpoints, and the Senior Security Architect Applications
Key deliverables in year one :
Join and help form a companywide security architecture group that aligns our development, building, and customization efforts from an enterprise security perspective and further define the required duties and services.
Absorbing the security roadmaps and policies from peers and translating them into technical solutions and professional services outcomes for the current year.
Defining and implementing a complete end-to-end services model that ensures security by design and build, and significantly reduces vulnerabilities that would be found in later stages of the life cycle.
Develop the secure design standards for areas covering professional services, and secure code repository management.
Support the CISO function in all aspects in building a word-class security organization.
Define architectural standards for security solutions and services based on frameworks such as TOGAF or SABSA and leveraging either existing or to be built design artefacts and standards. Ensuring that security happens in the PS world.
Communications around secure service delivery and educating stakeholders to ingrain security in the customization and adoption phase. Drafting and writing material around the introduction of OWASP, SANS top 20, CIS and such standards.
Potentially manage other architects / engineers and build secure services for the company and customers. Ensure open (but secure) interfaces for overall program activities and alignment & improvements.
Help form a security design review board that ensures alignment, communication, security control points, and improves speed to market and also security by design and build. Define code review standards and help select tools to support these efforts.
Develop an architectural current state diagram and topology across the customization / services area. Prepare a vision 2025 and capture future state. Then work with all security organization to achieve that goal.
Knowledge management.
8+ years of security technology and relevant experience required.
Security Architecture experience across multiple industries (preferred), minimum 2 different industries
Previous experience in security services development and management for global, multinational companies
Security architecture review board experience, secure coding and SSDLC implementation.
Secure design principles and security standard development experience required.
Multi-platform experience in software development companies, supporting multiple independent areas of development.
Current state and future state architecture diagrams, technical roadmap support and overall technology market overview.
Security solution architecture delivery in relations to and in concert with a to be defined enterprise architecture approach.
Masters degree in Information Security / Systems, Computer Science or related industry experience
CISSP certification is required
CISSP with concentration on architecture (highly preferred or must accomplish in first year)