Associate Director, Enterprise Architect, Security

Req #: 1711828
Location: Deerfield, IL US
Job Category: Information Technology & Services
Job Description

With our portfolio of global Power Brands such as Oreo and belVita biscuits, Cadbury Dairy Milk and Milka chocolate and Trident gum, we’re the world’s #1 in biscuits and candy, and #2 in chocolate and gum. We’re Mondelēz International, a snacking powerhouse with operations in more than 80 countries, with approximately 90,000 employees globally and our brands are marketed in around 165 countries.


Our purpose and vision is to create more MOMENTS OF JOY by building the BEST SNACKING COMPANY IN THE WORLD.


Job Scope

The enterprise security architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices. The enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services. The Enterprise Architect works with business and IT stakeholders to define a future-state vision in terms of requirements, principles and models. The EA aligns IT investments with business strategies, while reducing risk and delivering higher-quality and adaptive solutions. 

Job Responsibilities

The enterprise security architect will be responsible for the following activities and functions:
• Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Develop security strategy plans and roadmaps based on sound enterprise architecture practices
• Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
• Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
• Participate in application and infrastructure projects to provide security-planning advice
• Draft security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the CISO
• Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM)
• Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria
• Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application
• Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the network operations center (NOC)
• Coordinate with the privacy office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
• Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems
• Review network segmentation to ensure least privilege for network access
• Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
    • Software as a service (SaaS) providers
    • Cloud/infrastructure as a service (IaaS) providers
    • Managed service providers (MSPs)
    • Payroll providers
  Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assess the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required "user controls" and report any findings to the CISO and vendor management teams
• Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls
• Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team
• Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
• Coordinate with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems
• Liaise with other security architects and security practitioners to share best practices and insights
• Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs 

Internal and External Contacts

• Strategic Vendors
• Partners 
• Industry forums 

• C-level leadership 
• All Business and IS leadership 
• Key member of IS Tower leadership team


Functional /Technical Expertise

Bachelor's or master's degree in computer science, information systems, cybersecurity, or a related field. 10% travel needed. The enterprise security architect is expected to have a minimum of 5 years of experience with the following:

Regulations, Standards and Frameworks
• Validated Systems (e.g., GAMP)
• Sarbanes-Oxley
• General Data Protection Regulation (GDPR)
• Privacy Practices
• ISO 27001/2
• NIST Cybersecurity Framework (CSF)

Certifications Preferred: CISSP, CISM, CISA

• Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology
• Documented experience and a strong working knowledge of threat-modeling methodologies for new applications and services, and of vulnerability management tools

Direct experience designing IAM technologies and services:
• Active Directory
• Lightweight Directory Access Protocol (LDAP)
• Amazon Web Services (AWS) IAM

Key Leadership / Functional Competencies

Leadership Competency

• Business acumen
• Dealing with ambiguity
• Innovation management
• Intellectual horsepower
• Strategic agility
• Motivating others

Functional Competency

• Knowledge of all components of holistic enterprise architecture.
• Exceptional interpersonal skills, including teamwork, facilitation and negotiation.
• Strong leadership skills. Able to influence others based on earned respect and experience.
• Excellent analytical and technical skills.
• Excellent written and verbal communication skills.
• Ability to translate business needs into EA requirements.

Mondelēz Global LLC is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected Veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Applicants who require accommodation to participate in the job application process may contact 847-943-5460 for assistance.

Applicants must complete all required steps in the application process, including providing a Resume/CV, in order to be considered for this position.