Principal security architect, Global Technology* - Seattle, WA at Seattle

Job Description

Job Summary and Mission

The Information Security Architect provides business and technical advice on a wide variety of information security issues, concerns, and problems. The Architect makes sure that all business applications developed in-house or developed by outsiders on behalf of Starbucks include adequate control measures. Working on committees and task forces throughout Starbucks, the Information Security Architect is an in-house subject matter expert who diligently assists with the improvement of security on information systems at Starbucks. A visible internal spokesperson of the Information Security Department, the Architect is charged with gaining widespread support of and compliance with information security requirements.

Summary of Key Responsibilities

Responsibilities and essential job functions include but are not limited to the following:

Provides in-depth technical advice for investigations of information security incidents including internal fraud, system intrusion, and system outages

Assists with the documentation of information security incidents as well as the analysis of the circumstances enabling or permitting these incidents to take place

Participates on a Computer Emergency Response Team (CERT) that responds to various security incidents such as denial of service attacks, virus infestations, and internal frauds

Analyzes selected commercially-available information security products and services to determine which of these should be adopted or tested by Starbucks

Provides users and management with technical support on matters related to information security such as the criteria to use when selecting information security products (answers a wide variety of questions about information security)

Acts as a technical information security reviewer of requirements statements, feasibility analyses, conceptual designs, and other documents produced during the systems development lifecycle

Reviews proposals to significantly enhance or modify the configuration or functionality of intranets, firewalls, servers, applications, databases, and other important parts of the Starbucks information systems infrastructure

Provides special technical guidance to the Starbucks Global Technology staff about the risks and control measures associated with new and emerging information systems technologies

Acts as a technical liaison to users, user department management, and others within Starbucks who are seeking more information about information security

Participates in, and acts as a technical leader in periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications

Reviews the cost-effectiveness and practicality of existing information security procedures and systems, and makes suggestions for the improvement of these procedures and systems

Develops detailed proposals and plans for new information security systems that would augment the capabilities of, or enable new capabilities for Starbucks networks or shared information systems

Reviews draft information security policies, architectures, standards, and/or other technical requirement documents for alignment to controls and mechanisms for enforcement and/or audit.

Interprets information security policies, standards, and other requirements in light of specific internal information systems, and assists with the implementation of these and other information security requirements

Assists with the selection, installation, and adoption of automated tools that enforce or monitor the compliance with information security policies, procedures, standards, and similar information security requirements

Conceives of and proposes new approaches that will allow greater standardization and more effective management of information security measures

Provides technical advice to those who install, administer, and update computer-based access control systems

Works with the internal Legal Department and the Physical Security team in the development of procedures which capture and securely preserve evidence of computer related crime and/or abuse, so that this evidence may later be used for legal or disciplinary purposes

Assists with internal efforts to inventory and control intellectual property

Develops and/or periodically refines a data classification system that allows workers to make quick decisions about the procedures they should use to protect information that has been marked with the designations described by this system

Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, so that Starbucks is warned in advance and is ready to be fully compliant with these requirements

Stays informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional associations, industry conferences, training seminars, and other information sources

Participates as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments

Reviews proposals for outsourcing business systems or processes to determine whether security controls would be compromised in the course of outsourcing the proposed activities

As needed, acts as an expert witness in information security-related legal proceedings involving Starbucks

Job Requirements

Qualifications

Posses at least one of the following security certifications: CISSP, CISM, CISA, or SANS GIAC

A minimum of 8 years relevant industry experience in information security or 3 years in information security with an additional 3+ years industry experience in IT system audit and/or system/network administration

Country: USA, State: Washington, City: Seattle, Company: Starbucks.