Summary

The Security Engineer is responsible for designing, building, testing and implementing security systems and process within Franchising System corporate and restaurant networks.

Essential Functions

Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.

Develop security strategy plans and roadmaps based on sound enterprise architecture practices.

Develop and maintain security architecture artifacts (models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.

Develop guidance and recommendations for franchisees on PCI standards and compliance.

Track developments and changes in digital business and threat environments to ensure that these are adequately addressed in security strategy plans and architecture artifacts.

Participate in application and infrastructure projects to provide security planning advice.

Develop, implement and refined security procedures and standards.

Conduct security assessments of internal systems, applications and IT infrastructure as part of the overall risk management practice of the organization.

Conduct vulnerability assessments and other security reviews of systems, and plan and prioritize remediation.

Conduct code reviews of applications to determine security flaws or other issues that would impact the confidentiality, integrity or availability of the system.

Direct internal and third-party technicians on information security, applications and infrastructure to produce optimal designs.

Produce and maintain technical documentation of systems and architectures.

Support vendor selection and analysis by evaluating third party security fit within the domain.

Maintain professional and technical knowledge through appropriate training courses, selected reading, conferences and involvement with professional organizations.

Competencies

Decision Making & Problem Solving: Uses judgment, common sense and sensitivity in addressing issues and seeking solutions to problems and challenges; gathers appropriate information.

Security Concepts: Solid understanding of authentication, authorization, and Active Directory.

Communication: Verbal, written, presentations to others; communication up – same level – direct reports; inclusive, honest, direct, timely; clear, concise; confronts with unshakable facts; delivers ideas for solutions with problems.

Change Management: Supportive of change; reacts quickly and appropriately; accepts direction and constructive feedback.

Innovation & Creativity: Seeks new ways to improve efficiency, effectiveness, quality; offers suggestions and solutions to obstacles and challenges.

Planning: Organized and able to establish priorities, delivers the desired results; manages multiple deadlines and priorities with professional attitude. Recognizes priorities and responds with a sense of urgency. Follows procedures and policies in planning and executing job responsibilities.

Organizational Relationships: Builds effective relationships with both external (guests and suppliers) and internal (team members) stakeholders, and between levels, teams and across functions. Supports other teams, negotiates and has the ability to influence others.

Quality of Work/Accountability: Delivers quality work on time at the desired standards using resources and time allocated.

Preferred Qualifications

Bachelor’s degree in computer science, cybersecurity or related field

Minimum of five years of relevant experience

Experience in using security architecture methodologies

Experience reviewing application code for security vulnerabilities

Direct experience using vulnerability management tools

Full-stack knowledge of IT infrastructure

Experience designing IAM technologies and services (e.g., Active Directory, LDAP, Azure, IAM)

Strong working knowledge of IT service management

Working knowledge of:

• Payment Card Industry's Data Security Standard (PCI-DSS)
• General Data Protection Regulation (GDPR)
• Privacy Principles (best practices)
• International Organization for Standardization (ISO) 27001/2
• National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

Strong verbal communication and writing skills

Experience leading and mentoring individuals and groups

Ability to concentrate on a wide range of loosely defined complex situations, which require application of creativity and originality, with limited guidance and counsel

High level of organizational and project management skills to handle multiple concurrent assignments in a timely manner