Director, Security Solution Architect - PVH Corp.

The Security Solution Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.The Director & Solution Architect for Network Infrastructure will be responsible globally for leading the organization’s security architecture specifically focused on the development of visionary technical architecture, design, and implementation standards of solutions that will securely enable our digital transformation.In this role, the candidate sets the security architecture strategy and vision for the organization. The Security Solution Architect must be a leader who will drive the security technology portfolio, oversee its governance, sponsor technical development, be a trusted partner and advisor to key business, infrastructure, and information security partners while driving adoption through cross-functional teams in multiple geographies. Partner as needed across the rest of the TPG organization.Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.Develop security strategy plans and roadmaps based on enterprise architecture practices.Develop and maintain security architecture artifacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.Track developments and changes in the digital business and threat environments to ensure that they're addressed in security strategy plans and architecture artifacts.Participate in application and infrastructure projects to provide security-planning advice.Draft security procedures and standards to be reviewed and approved by executive management.Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).Develop standards and practices for data encryption and tokenization in the organization, based on the organization's data classification criteria.Establish a taxonomy of indicators of compromise (IOCs) and share this detail with other security colleagues, including the security operations center (SOC), information security managers and analysts, as well as counterparts within the global command center (GCC).Coordinate with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices.Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization).Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.Review network segmentation to ensure least privilege for network access.Liaise with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls.Support the testing and validation of internal security controls, as directed by the CISO or the internal audit team.Review security technologies, tools, and services to make recommendations to the broader security team for their use, based on security, financial and operational metrics.Liaise with other architects and security practitioners to share best practices and insights.Experience:   Ten years or more experience in enterprise level security architecture and engineering.Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF.Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, identity & access management, SIEM and log management technology.Verifiable experience reviewing application code for security vulnerabilities.Direct, hands-on experience or a strong working knowledge of vulnerability management concepts and tools.Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.Full-stack knowledge of IT infrastructure:ApplicationsDatabasesOperating systems — Windows, Unix and LinuxHypervisorsIP networks — WAN and LANStorage networks — Fibre Channel, iSCSI and NASBackup networks and mediaDirect experience designing IAM technologies and services:Active Directory / Azure Active DirectoryLightweight Directory Access Protocol (LDAP)Amazon Web Service (AWS) IAMStrong working knowledge of IT service management (e.g., ITIL-related disciplines):Change managementConfiguration managementAsset managementIncident managementProblem managementExperience designing the deployment of applications and infrastructure into public cloud services.Payment Card Industry Data Security Standard (PCI-DSS)General Data Protection Regulation (GDPR)Privacy PracticesISO 27001/2NIST Cybersecurity Framework (CSF)EDUCATION:   Bachelor’s Degree in Information Systems, Computer Science, Engineering, or other related fields required. Builds on and applies existing knowledge. The Security Solution Architect will be expected to draft project plans for security service and technology deployments and coordinate with stakeholders across the organization.PVH Corp. or its subsidiary ("PVH") is an equal opportunity employer and considers all applicants for employment on the basis of their individual capabilities and qualifications, consistent with applicable law and without regard to race, color, sex, gender identity or expression, age, religion, creed, national origin, citizenship status, sexual orientation, genetic information, physical or mental disability, military status or any other characteristic protected under federal, state or local law.