Logo
American Chemical Society

TE25P5 Lead Security Analyst

American Chemical Society, Columbus, Ohio, United States, 43224


Description CAS uses intuitive technology, unparalleled scientific content, and unmatched human expertise to help companies create groundbreaking innovations that benefit the world. As the scientific information solutions division of the American Chemical Society, CAS manages the largest curated reservoir of scientific knowledge, and for 117 years, has helped innovators mine, assess and apply that information to keep businesses thriving. The CAS team is global, diverse, endlessly curious and strives to make scientific insights accessible to innovators worldwide. CAS is currently seeking a Lead Security Architect and Application Security Tester. This position will be located in our headquarters in Columbus, Ohio. Position Summary: This lead security architect supports both ACS and CAS as an enterprise function. The lead security architect will be expected to assess threats and vulnerabilities, analyze data and code, define measurable objectives, and drive implementations of security solutions for the security of the entire enterprise. The role is also responsible for defining/documenting security requirements, standards, patterns, reference architectures and decision trees to enable compliance with company policy and objectives. In addition to aiding in the architecture design/assessment process, this role will also be responsible for performing penetration tests when deemed necessary. Collaboration with business partners to review, assess, and collaborate to harden security controls is essential for success in this role. Job Duties: Proactively work with partners and suppliers to achieve objectives on time and within budget. Takes appropriate actions, when necessary, with partners/suppliers to build enterprise class solutions, respond to issues/threats, and/or communicate to stakeholders all utilizing efficient and effective tools and techniques to mature enterprise information security. Serve as key contributor to the formulation of the organization's information security strategy to safeguard against emerging threats and align with business goals. Create impactful presentations and communicate them with organizational leadership as required. Partner with others in IT to develop and implement security solutions that adhere to industry standards and best practices to strengthen the organization's security posture. Serve as role model for colleagues in adherence with established IT policies and procedures to ensure compliance of all assets within security's remit. Appropriately escalates concerns, risks and issues. Demonstrate expert level knowledge and adherence to industry standards and organizational best practices. Provide advice, coaching and guidance to less senior colleagues. Escalate any concerns or issues related to compliance promptly. Execute and oversee penetration testing activities to uncover security vulnerabilities and strengthen the organization's defenses. Lead security architecture assessments to identify potential weaknesses, ensure alignment with best practices and industry standards and recommend enhancements; this includes but is not limited to evaluating system configurations, network designs, and application security. Proactively provides expert level guidance and documentation of security requirements, standards, patterns, and decision trees to enable compliance with company policy and objectives. Lead collaboration efforts in implementation of security controls aligned to the Enterprise Information Security strategy. Proactively engage in the greater information security and privacy community (e.g. peer groups, seminars, conferences, etc.) to help identify industry advancements, new techniques, and new partners. Demonstrates a positive, proactive and thought leadership attitude to CAS and the greater security community. Apply previous experience and proactive research to problem solve complex risks, issues, and situations. R