Principal Cyber Security Architect

This position leads the partnership between executive technology leadership and the information security architecture function. Facilitates security strategies, technology integrations, and risk mitigation efforts through a high level of technical ability and leadership. Provides expert guidance to management and business projects. Ensures compliance with information security and compliance standards. Provides support to security services through a variety of methods that enhance defenses for the Bank's information security architecture. May design or integrate systems with significant impact on the overall corporate technology strategy and direction.

• Business Enablement - Owns engagement between executive technology leadership and the information security architecture function. Accelerates technology development and deployment by embedding in customer organizations to drive security awareness, prioritization and solutions. Engages with other architects within the information security organization to bring the right skillsets and experience to bear on issues impacting the firm's strategic roadmap.
• Security Strategy - Assists in designing and implementing security strategies to shape the Bank's overall technical vision. Facilitates the development and evolution of the architecture and enterprise governance processes. Defines security baselines and standards to include technical configuration standards. Supports the implementation of security controls, guidelines, recommendations, and best practices. Aligns assigned projects with information security strategic and architectural objectives.
• Security Architecture - Assists with the development, enhancement, and documentation of Information Technology (IT) security architecture. Resolves complex or escalated issues, and is responsible for technical activities at the highest level of ability. Drives significant projects and initiatives to ensure security objectives are achieved. Facilitates ongoing risk mitigation efforts.
• Awareness - Maintains a strong knowledge of emerging risks and trends. Assists the IT Risk and Compliance team in developing education and awareness program materials. Participates in industry and professional organizations to retain current knowledge and business relationships.

Bachelor's Degree and 10 years of experience in Information Technology including Information Security OR High School Diploma or GED and 14 years of experience in Information Technology including Information Security

Possesses at least one of the following security certifications: CISSP, GIAC, CISM, or OSCP

Preferred Skill(s): Knowledge of Forensics, Security Operations, Incident Response, Research/Threat Detection, Malware Analysis, Assessments and Penetration testing, or Secure Software Development, Proven consulting and relationship management skills as well as the ability to leverage key working relationships with business units, vendors, and IT staff, Familiarity with one or more standard security related frameworks (NIST-Cyber, CoBIT, ISO, etc.), Knowledge of security principles and their application in an enterprise IT environment, Knowledge of various platform technologies including internet, network, distributed systems, desktop computing, voice, and threat management technologies, Experienced with enterprise security controls including malware, protection, firewalls, intrusion detection systems, content filtering, internet proxies, encryption controls, and log management solutions, Knowledge of tiered application architectures, web front-ends/server-side apps, application, and relational databases,

Experience with APIs: REST, SOAP, SOA and other integrations, Experience with secure application development, application security risk mitigation techniques, Understanding of application security and industry standards such as OWASP top ten and SANS top 20, Understanding of SDLC and Secure Development Lifecycle, Use of security tools and industry best practices., Knowledge of network security controls and technologies such as firewalls, intrusion detection/prevention systems, monitoring (SIEM), data loss prevention, authentication/authorization, and database security

The base pay for this position is generally between $150,000 and $230,000. Actual starting base pay will be determined based on skills, experience, location, and other non-discriminatory factors permitted by law. For some roles, total compensation may also include variable incentives, bonuses, benefits, and/or other awards as outlined in the offer of employment.

This job posting is expected to remain active for 45 days from the initial posting date listed above. If it is necessary to extend this deadline, the posting will remain active as appropriate. Job postings may come down early due to business need or a high volume of applicants

Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits.