Callaway Golf Company is a leader in total performance, premium golf equipment and active lifestyle products while also being a great place to work! We are passionate and push the limits of innovation. We dare to be great while acting with integrity and respect. We stay hungry, yet humble. All while having fun and making golf enjoyable for everyone!
Our company is a blend of experience and diverse backgrounds, and our leaders have a strong history of building and selling successful initiatives. We are working to build a truly groundbreaking company, and we want top-notch people to join us in that mission.
This position is responsible for ensuring that the Company's technology and data are secure from malicious attacks that may breach or expose the Company's IT systems, employee information, or intellectual property. This position designs and develops security architecture patterns that meet regulatory obligations and data protection requirements as well as align with the business and company cybersecurity strategy. The Information Security Architect will work collaboratively with security engineers and analysts to build security controls and solutions that align with best-in-class architecture frameworks and standards.
ROLES AND RESPONSIBILITIES
- Perform assessments of our security program and IT architecture to identify gaps, and recommend actionable and realistic changes or improvements.
- Create solutions that align with enterprise security architecture frameworks and standards (e.g., SABSA, NIST 800-53, ISO 27002) and with overall business and security strategy.
- Perform risk assessments and testing for new technologies and IT projects.
- Develop overall cybersecurity strategy in coordination with the Director of Global Information Security and VP of Global IT.
- Oversee, prioritize, and execute major projects in our global cybersecurity strategy.
- Develop periodic Board of Directors and Executive Management presentations in coordination with the Director of Global Information Security and VP of Global IT.
- Design policies for systems and software development with the goal of protecting sensitive data.
- Help design a secure infrastructure layer that isolates sensitive data from general access in coordination with Global IT Infrastructure.
- Integral member of the Incident Response Team for all major, high risk incidents of security breaches.
- Works with external law enforcement, management, physical security, Human Resources, Legal, and Finance as necessary to provide technical expertise regarding information security events and incidents.
- Document security requirements and controls for protecting information, systems, and technology assets.
- Define and document how the implementation of a new technology impacts the security posture of the current environment.
- Document and update as necessary all definition and architecture activities.
- Provide input on security requirements to be included in requests for proposals (RFPs), statements of work (SOWs), and other procurement documents.
- Implement and improve Secure Software Development Lifecycle (SSDL) across organizational teams.
- Participate in architectural reviews, threat modeling of applications across development teams.
- Knowledge of application security standards like OWASP ASVS and SCVS, along with knowledge and understanding of maturity models like BSIMM, OWASP SAMM, or similar models.
- From a CI/CD perspective, create and evolve continuous strong process across software code development reviews by influencing dev teams to write clean code and follow best development practices.
- Self-motivated and solutions oriented. Willing to take on challenges while adapting to an ever-changing global threat landscape across our global brands.
TECHNICAL COMPETENCIES (KNOWLEDGE, SKILLS, ABILITIES)
- Expert in at least one of the following programming languages: C, Java, or Python.
- Well versed in network security, security policies, cryptography, authentication, and secure communication protocols.
- Must be able to manage, configure, and maintain rules and policies on firewalls, including web application firewalls (WAFs), with a strong understanding of application data.
- Experience in installation and configuration of endpoint security tools such as antivirus and EDR, configuration management, and asset recognition.
- Ability to design and build enterprise monitoring capabilities.
- Expert knowledge of Security Information & Event Management systems (SIEMs) such as ArcSight or Splunk.
- Complete command on dealing with security systems, intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, anti-virus software, log management, authentication systems, content filtering, etc.
- Strong technical knowledge of on-prem and Cloud environments including Windows, Linux, SQL and Hana database, MS Azure, VMware, Nutanix, etc.
- Work experience in cybersecurity designs for systems, networks, and multi-level security requirements or requirements for processing multiple classification levels of data.
- Knowledge of risk management processes and experience in conducting risk assessments.
- Familiarity with the application of privacy principles to organizational requirements.
- Knowledge of identity and access management methods.
- Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
- Exceptional written, oral, and interpersonal communication skills.
- Ability to work and collaborate in a global-team and global-brand environment.
- Ability to effectively work, collaborate, and communicate with global business teams to define project requirements and deploy projects and train end users for major projects.
- Ability to meet tight deadlines and to prioritize tasks.
- Innovative thinker who is self-directed and resourceful.
EDUCATION AND EXPERIENCE
- Bachelor's degree in Computer Science or equivalent work experience.
- Minimum 8+ years in IT, with 5 years of information security experience across a combination of Antivirus, EDR, IDS/IPS, Firewall, SIEM, FIM, Database, and application monitoring technologies.
- Experience and proven track record working on large scale, global, enterprise information security projects and programs.
- Proven work experience as an information security architect and/or engineer. Experience in using software / hardware / networking tools for White-Hat Hacking is a plus. Hands-on Linux and Windows Administrator functions.
- Previous experience working in a highly regulated industry that collects personally identifiable information (PII).
- Experience with Incident Response (IR), forensic, and "hunting" for security events.
- Security certifications, such as AWS Certified Solutions, PenTest+, OSCP, would be a plus.
- CSSP, CCSP, CISSP, CISM or similar certification required.
- Strong knowledge and competence in a variety of industry and regulatory frameworks for cybersecurity, data privacy, and IT such as ISO 27001, ISO 27017, PCI-DSS, SOX-404, NIST CSF, NIST SP 800-53/ITSG-33, CCPA and CPRA, GDPR, ITILv3, SOC 2, and SOC 3.
Callaway Golf is an Equal Opportunity Employer.