Senior Information Security Architect (Hybrid)

Who We Are

Join a team that puts its People First! As a member of First American's family of companies, Data & Analytics is a national provider of property-centric information, analytics, risk management and valuation solutions. First American maintains and curates the industry's largest property and ownership dataset with over 7 billion document images. Our major platforms and products include: DataTree, FraudGuard, RegsData, TaxSource and ACI. The First American Data & Analytics division boasts more than 20 patents and remains at the forefront of innovation - leveraging technology and data to deliver best-in-class decisioning solutions. Fueled by our industry-leading data and using our technology and proprietary process, our solutions provide lenders, real estate and title companies with actionable insights - enabling them to make better, increasingly automated, decisions. With offices in all major metropolitan areas, including California and New York, DNA teams work collaboratively from across the country. Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For list for eight consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.

What We Do

We are seeking a Senior Information Security Architect to join our Database Solutions team in Santa Ana, CA! As a Senior Information Security Architect, you will be responsible for protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Essential Functions

• Top level technical expert in all areas of Information Security.

• Champions change, drives and sets technical direction affecting multiple groups/business units.

• Provides leadership by instructing, mentoring and training team members within and outside the work group.

• Interacts with and influences senior management on technical matters requiring coordination between organizations.

• Provides technical consulting on complex projects.

• Devises or modifies procedures to solve complex problems considering computer equipment capacity and limitations, operating time, and form of desired results.

• Further develops and documents the security architecture vision and strategy to support key business processes and requirements. Defines the optimal enterprise security architecture in terms of processes, standards and technologies.

• Defines, documents and promotes the enterprise security target architectures and strategic direction; demonstrates and understanding of business drivers and expert knowledge in the broad spectrum of related technologies. Researches, identifies and documents best practice methods and emerging technologies, evaluating applicability and feasibility to the organization.

• Coordinates and partners with IT and business leaders to ensure strategic IT security alignment to business requirements; champions the computer security program to all levels of the organizational.

• Oversees the evaluation and selection of hardware and software security products and design of standard configurations. Assists in budgeting for security analysis and security-related implementation tasks.

• Provides consultative leadership and implementation guidance on system projects focusing on planning, development, implementation and operationalization of strategic security technology directives.

• Provides leadership in the adoption of and migration to an ISO27002- based security architectures and standards.

• Recommends installation, modification or replacement of any system component, hardware or software, and any configuration change that improves the confidentiality, integrity, and availability of systems.

• Establishes and documents guidelines and processes to assist in certification and accreditation activities, including Security Test and Evaluation (ST&E), Risk Assessments, and Independent Validation & Verification (IV&V).

• Establishes, documents and monitors processes to support least privilege principle for critical and sensitive systems that impact the operation business of the Authority.

• Maintains ongoing awareness of potential threats to the security and/or integrity of the business unit's systems and data; to include computer viruses, patterns and methods of unauthorized intrusion, etc.

• Conducts security briefings and other types of security training to foster an awareness of the security program throughout the Business Unit.

Knowledge and Skills/Technology Used

• Mastery of the information security principles, concepts, methods, and best practices; expert knowledge in computer security exploitation and compromised.

• Extensive knowledge of program design and system software routines, e.g. those providing an audit trail of activities against sensitive data files.

• Extensive knowledge of the administration and management of multi-dimensional operating systems, databases, and applications.

• Thorough understanding of standard network model and risks present at each layer, cryptography and the functions of key management, SSL, and TLS.

• Thorough understanding of multi-tier application security, system authentication technologies and concepts of Identity Management and associated technologies.

• Practical experience in performing risk assessments leading to formulating and mapping information security policy and standards to ensure compliance with regulatory and legislative compliance (PCI, SOX, HIPPA, GLBA)

• Consult and provide guidance on complying with appropriate policy/standards/measures.

• Has proven leadership skills and is results focused.

• Appropriate interpersonal skills to communicate and work effectively at all levels of the organization.

• Is process and procedure oriented

• Demonstrates ability to organize, plan and carry out assignments with minimal supervision.

• Requires experience in engagement management and reporting including project planning, budgeting and tracking engagement progress and success.

• Demonstrate success in project management and implementation of security systems and strategies.

• Demonstrated success in establishing and managing relationships within IT security functions.

• A solid knowledge of Information Security practices, IP network, desktop and data security management.

• Strong understanding of Active Directory, Host and network intrusion prevention technologies.

• Strong understanding of application development security.

• CISSP Security preferred.

• Familiarity with privacy and security regulatory standards and requirements.

Typical Education

• Mastery of the information security principles, concepts, methods, and best practices; expert knowledge in computer security exploitation and compromised.

Typical Range of Experience

• Must have minimum 7 years information security experience.

License or Certification

• CISSP (Certified Information Systems Security Certified Professional), SSCP (Systems Security Certified Practitioner), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Management), CCNA, CCNP, MSCE

Pay Range: $103,600-$173,000

This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location

What We Offer

By choice, we don't simply accept individuality - we embrace it, we support it, and we thrive on it! Our People First Culture celebrates diversity, equity and inclusion not simply because it's the right thing to do, but also because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.

Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.