The Product Cybersecurity Security Architect is responsible for providing risk assessment and architectural recommendation support to IT and Vehicle Engineering team members in producing security across customer devices and cloud services to/from the GM connected vehicles. This will be accomplished by meeting with a variety of personnel from Business, IT, and Vehicle / Component Engineering to address security risk to enable delivery of connected features.
The Security Architect is responsible for participating in the creation of a holistic approach to the reduction of risk throughout the environment in co-operation with Security Engineers focused on the In-Vehicle systems and Program Managers.
The Security Architect works from the business requirements stage through post-deployment support (incident response), applying enterprise-wide architectures to design and implementation by researching options and making recommendations for current and future (mid-term and long-term) security initiatives, from definition phase through implementation, with regard to Vehicle Services.
- Leverage industry standards and best practices for the purposes of assessing the current “as-is” architecture
- Propose the desired “to-be” architecture based on solid risk assessment and evaluation of available technology and controls
- Evaluate IT systems, appliances, and devices being proposed for use within the environment and their ability to meet GM’s security requirements, recommending mitigating controls for identified limitations and risks
- Work closely with the many personnel across GM and external suppliers to ensure security requirements are addressed in all phases of project lifecycles
- Assist in the creation and maintenance of enterprise security policies, controls, and standards for technologies defined within the GM taxonomy
- Provide security architecture as a service in assistance to project teams and other architecture groups to ensure proper skills are applied where needed
- Assist in identifying and assessing risk as part of the overall Risk Management process
- Understand and apply the distinction and dependencies between business, information, systems and technology architecture layers
- Use proven experience-based ability to design and develop IT solutions based on defined requirements in a large-scale multi-national organization
- Evaluate and select various technologies for suitable inclusion in IT solution designs
- Develop and comprehend abstract models of IT solution architectures, including various views of solution architectures
- Review and contribute to the definition of functional and non-functional business requirements and translate these into clearly articulated architectural requirements in the context of the required solution
- Participate in the discovery, documentation and refinement of business requirements to ensure alignment with technically viable solution designs
- Document applicable assumptions related to the technical viability of defined and reviewed solutions
- Validate these assumptions as needed to ensure solution appropriateness
- Validate current and future state architectural models and views as necessary to ensure availability of a thorough and robust comprehension of the assigned domain
- Participate in technical incident management and troubleshooting as needed
- Understand and apply software engineering and application development methodologies in a complex multi-project environment
- Bachelor's degree in Computer Science, Computer Engineering, Information Systems, or equivalent field/work experience.
- 3+ years of experience in Information Systems Security.
- Experience with computing solutions (security controls) across a variety of the following:
  - Mobile Applications (iOS and Android) running on Customer Smart devices (phones, tablets, watches, etc.)
  - Voice Assistants (Amazon Alexa, Google Home, Microsoft Cortana, Apple Siri, etc.)
  - Cloud platforms (Salesforce, Microsoft Azure, Google Cloud Platform, Amazon Web Services, Pivotal Cloud Foundry, Akamai, etc.)
  - API Gateways (CA Layer7, IBM DataPower, Oracle, Zuul, etc.)
  - Identity & Access Management for Customer credentials.
- Experience in IT architecture focused on networks, data, and application-layer security.
- Experience in Threat Modelling and defining Risk Assessments with qualitative and quantitative indicators.
- Desire and ability to influence End-to-End Solution Architects, IT Architects, Business Analysts, Product Owners, and others to produce robust secure systems for GM connected vehicles.
- Demonstrated experience in developing contextual and conceptual, logical and physical architecture deliverables.
- Solid experience-based knowledge and ability to apply the principles of application or infrastructure architectures, including the distinction between contextual, conceptual, logical and physical layers.
- Must demonstrate the ability to make recommendations and influence decisions based on risk reduction.
- Must demonstrate the ability to work constructively as an individual or in groups with minimal supervision.
- Technical Master’s degree strongly preferred.
- Certified Information Systems Security Professional (CISSP) certification.
- Experience in providing security solutions for APIs or 4G LTE infrastructure.
- Experience with mobile and application security.
- Desire to continuously learn and keep up to date on latest developments within information security.
- Ability to conduct evaluations of alternative proposals to security architecture and facilitate decisions ensuring the best outcome for the GM IT and business environments.
- Ability to conduct fact-based evaluations of architecture alternatives, mediate opposing viewpoints and negotiate equitable outcomes that ensure stable solutions.
- Career track record of engineering, developing (coding), deploying and maintaining business critical information technology solutions across a range of technical platforms.
- Solid experience in strategic planning and project management.
- Solid understanding of the SDLC process and ability to effectively develop and design solutions using a structured approach.
- Demonstrated experience in using industry standards such as ISO/IEC 27001 and 27002, COBIT, and TOGAF.
- ITIL Certification.
- CEH, GCIH, GPEN, GWAPT, CISM, CISA, CGEIT or CRISC certifications.