Job Title: Sr. Information Security Architect
Employee Status: Regular
Schedule: Full time
Location: Hybrid from Westfield Center, OH or remote

About Us:
You’re ready to make your mark where people care about each other. Where your work is meaningful. And where your unique perspectives are welcome. Think about joining Westfield, a company focused on what’s most important – the people behind our policies.

Westfield was founded in 1848 by a small group of hard-working farmers who believed in the promise of the future and the power of the individual. Today, as one of the nation’s leading property and casualty (P&C) companies, we remain true to their vision and are dedicated to making a positive difference in our customers’ lives.

Responsibilities :

• Responsible for information security systems architecture and/or data engineering.
  • Manages and participates in the solution identification, evaluation, selection, and implementation of security-related tools, controls and services for IT projects, and other initiatives.
  • Assists in the selection and integration of products and solutions that align with operational and architectural requirements.
  • Analyzes commercial information security products and services and recommends solutions.
• Leads, guides and coaches project team members in the identification, development, and completion of deliverables consistent with information security policy and standards. Responsible for ensuring that information security standards are understood and adhered to on projects, documentation is completed, and assignments are completed accurately and on time.
• Recommends and assists in implementing changes to work processes and procedures to strengthen and improve company security measures. Provides security consulting and project management services on highly complex information security projects and issues.
• Leads and facilitates meetings with cross-functional teams to establish the creation of current and future state information security models; analyzes impacts to current architectures, processes, and procedures; creates recommendations and proposals. Works with developers and IT Engineers during new product design to help ensure security best practices are implemented.
• Identifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the company’s applications or infrastructure and recommends mitigating controls to reduce the company’s risk.
• Remains current on security threats, emerging information security technology, and industry best practices and trends. Disseminates information security information throughout the company as needed to provide clarity and protect against security threats.
• Creates data security reports for individual and collective platforms and performs database vulnerability and penetration assessments, as assigned.
• Participates in architectural governance activities and processes, as needed.
• Provides information security contract requirements based on data classification and mission criticality.
• Works with the Database Administrators (DBA), System Administrator and User Administration staff in developing proper database access control methods and minimum security baselines.
• Serves as a subject matter expert for info security architecture/ data engineering at Westfield and also as a peer mentor to others on the team.
  • Provides subject-matter expertise and support to project teams as needed.
• Participates fully in change management across IT and IT infrastructure. Coordinates changes with other areas of the IT department as appropriate.
• May be assigned to participate on the Security Incident Response Team (SIRT) responding to incidents that may occur.
• Participates in disaster recovery tests including verifying scripts and performing mock disaster recoveries, as needed.
• Maintains working knowledge and understanding of information security, risk management, and regulatory compliance topics. Participates in professional industry groups, creates a network of key contacts, and researches topics to stay abreast of information security industry changes.
• Travels occasionally in order to participate in special assignments, training, and/or travel between office locations.

Qualifications:

• 10+ years’ of IT security architecture, engineer, secure SDLC and/or database administration experience.
• Experience usings and demonstrated proficiency in Web Application and Web Service Security.
• Information security experience including experience and knowledge in at least two or more of the following areas:
  • Current information security techniques and technologies.
  • Relational Database Management Systems (RDBMS) software, technology, administration, and utility tools.
  • IT security architecture principles and best practices.
  • Data security governance and monitoring, data location and classification, and data access.
  • Secure SDLC, DevSecOps
• Experience with industry standards for federated identity, specifically OpenID Connect and SAML.
• Experience with OAuth 2.0 Authorization framework.
• Experience with methods used in performing risk analyses and assessments.
• Highly proficient computer and systems skills, with skills in scripting and basic programming gained through previous work experiences.
• Experience maintaining and updating documentation necessary for supporting security environments, including policies, standards, patterns, and reference architectures.
• Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.
• Experience evaluating performance and scheduling, planning, and organizing staff in problem-solving activities.
• Experience training, designing process solutions, and directly interacting with customers.
• Excellent project management, organizational, and prioritization skills with the ability to manage multiple activities/demands simultaneously and to recognize and address workload issues as needed.
• Working towards obtaining or have already obtained the following: Certified Information Systems Security Professional (CISSP) or other recognized security designation(s).
• Bachelor’s degree or commensurate experience.
• Valid driver’s license and a driving record that conforms to company standards.
• Physical essential functions: ability to work 40 hours in an office environment (sitting, standing, on a computer, etc.), operate office related technology (computer, phone, etc.), travel as required.

Westfield offers a Total Rewards program that focuses on compensation, benefits and wellness, and includes perks like 401(k), pension plan, annual incentive, education reimbursement, flex-time, onsite fitness center or gym reimbursement and casual dress. Work/life balance, recognition, and learning and career development are all part of a rewarding career with Westfield.

Learn more about current opportunities at www.westfieldinsurance.com/careers.

We are an equal opportunity employer/minority/female/disability/protected veteran.

#LI-KF1
#LI-remote