General Motors Cybersecurity Architect – Vehicle Services Security - ENG0031861 in Austin, Texas
The Vehicle Services Security Architect is responsible for understanding broad requirements for solutions deployed by GM that interact with connected vehicles. This Security Architect is expected to provide guidance in designing effective security controls to be applied across and within distributed systems (ie. Mobile Applications, Services in data centers and Telecommunication Providers) and their networks leading up to the vehicle for the reduction of risk throughout the environment.
•Understand the existing environment (distributed systems and networks) with the proposed enhancements to be delivered, then assess the risk and define effective security controls that need to be applied to appropriately reduce or mitigate the risks for customers and the corporation at large.
•Consult with Business Analysts and Advisors to understand the intended business requirements in driving the enhanced solution to be secure while still delivering the intended business value.
•Work with the End-to-End Solution Architects and the Platform Architects to define security controls (document security requirements and applicable design options) to apply in delivering business value while reducing risk.
•Provide guidance to Computer Systems Developers in delivering code and Computer Systems Engineers in configuring systems to address the stated security requirements and design.
•Document test cases to validate the security controls are effectively implemented across environments leading up to and including the Production environment.
•Provide information to project management related to status of past, current and future activities.
•Leverage industry standards and best practices for the purposes of assessing and applying effective security controls to the systems architecture
•Participate in technical incident management and troubleshooting, as needed
•Bachelor degree in Computer Science, Computer Engineering, Information Systems, or equivalent field/work experience
•Minimum 3 years’ experience in Information Systems Security
•Minimum 3 years’ experience in IT architecture creating key artifacts including architectural principles, requirements traceability, use cases, patterns, reference architectures, elaboration, and network designs and drawings.
•Minimum 3 years’ experience in creation of IT solutions including enterprise-level systems (web, client/server, and mobile applications, networks and endpoint devices).
•Demonstrated experience in developing contextual and conceptual, logical and physical architecture deliverables.
•Solid experience based knowledge and ability to apply the principles of application or infrastructure architectures, including the distinction between contextual, conceptual, logical and physical layers
•Ability to make recommendations and influence decisions based risk reduction.
•Ability to work constructively as an individual or in groups with minimal supervision.
•Strong facilitation and negotiation skills.
•Strong creativity and innovation skills.
•Strong verbal and written communication skills.
•Technical Master’s degree strongly preferred
•Certified Information Security Systems Professional (CISSP) certification
•Experience in providing security solutions for APIs or 4G LTE infrastructure
•Experience with mobile and application security
•Desire to continuously learn and keep up to date on latest developments within information security
•Ability to conduct evaluations of alternative proposals to security architecture and facilitate decisions ensuring the best outcome for the GM IT and business environments
•Ability to conduct fact-based evaluations of architecture alternatives, mediate opposing viewpoints and negotiate equitable outcomes that ensure stable solutions
•Career track record of engineering, developing (coding), deploying and maintaining business critical information technology solutions across a range of technical platforms
•Solid experience in strategic planning and project management
•Solid understanding of the SDLC process and ability to effectively develop and design solutions using a structured approach
•Demonstrated experience in using industry standards such as ISO/IEC 27001 and 27002, COBIT, and TOGAF
•CISSP-ISSAP, GWAPT, CGEIT or CRISC certifications