Director of Risk and Architecture
3 Van de Graaff Drive
Burlington, MA 01803


Director of Risk and Architecture – Job Description

Job Purpose

The Director of Risk and Architecture leads a team of Cybersecurity architecture and risk professionals responsible for designing and applying Sophos’ Cybersecurity architecture and controls framework across the organization.

Reporting to the CISO, this team will need to operate globally and cross-functionally, working with Product, IT and other technical teams to ensure robust Cybersecurity services and controls are designed, implemented, monitored, tested and maintained.

The ideal candidate will have a deep “full-stack” understanding of modern computing environments combined with a strong awareness of the business context and risk. They will need to exhibit creativity and have a threat-driven risk management approach to help engineering teams utilize modern and emerging technologies; maintain and improve the velocity of their development processes; and satisfy security and certification requirements.

This is a great opportunity to help secure a world-leading cybersecurity company. As you’d expect, you’ll be joining an organization that takes security seriously. You will get the opportunity to work with some world-leading experts from across the company in a fast-paced and exciting environment where security is a priority.

Duties & Responsibilities

Leads a global team of experienced Cybersecurity risk, architecture and assurance professionals to:

  • Define reference cybersecurity architectures and controls with input from experts across the Cybersecurity team and wider company.
  • Ensure security assurance processes are repeatable, efficient and have measurable outcomes.
  • Build and maintain automation and technical tooling to reduce manual errors, fatigue and friction.
  • Identify top cybersecurity risks to the organization using a data-driven approach.
  • Identify opportunities to reduce friction caused by security controls.
  • Define, implement, maintain, measure and continually improve information assurance programs, policies and standards based on the threat landscape, regulatory, and resource demands.

Articulates complex technical security risks into business focused terms and communicates to executive stakeholders.

Has and maintains (via conferences, etc.) an expert knowledge of industry trends and developments; advises on changes to the threat landscape and adjusts organizational controls as appropriate.

Feeds the team’s experience and knowledge into improving Sophos product features and design via strong relationships with product management and the Cybersecurity team’s “dogfooding” program.

Works closely with:

  • Engineering, Product Management and IT leaders to provide technical and advisory services to assist in the reduction of risk and application of controls.
  • The Legal team to assist with the enforcement and monitoring of relevant legislative, contractual and compliance requirements.

Special Conditions

  • Occasionally required to be available out-of-hours.

Qualifications

Essential

  • Educated to bachelor’s degree level in a relevant field
  • Security-related professional certification (CISSP, OSCP, etc.)

Desirable

  • None listed.

Skills & Experience

Essential

  • Experience with modern offensive and defensive techniques.
  • A strategic mindset with at least 10 years’ experience in a senior security role.
  • Experience building and managing high-performance teams.
  • Hands-on experience with leading cloud computing providers (AWS, Azure, GCP) and associated security architecture.
  • Expertise in security risk management in a business context with practical experience developing and implementing appropriate mitigation strategies.
  • Real-world experience defending against sophisticated threats and an understanding of APT TTPs.
  • Familiarity with compliance frameworks such as ISO 27001, SSAE16, NIST, CIS Top 20, etc.
  • Resourcefulness and adaptability to navigate complexity and ambiguity.
  • Ability to work in a fast-paced, rapidly evolving company environment.
  • Excellent communication, presentation and interpersonal skills.
  • Ability to drive business-wide results by establishing relationships with senior stakeholders, collaborating effectively and ensuring accountability.

Desirable

  • Knowledge of software development processes.
  • Experience working in a global environment.
  • Experience presenting research material at security conferences.
  • Contributions to open-source security projects and/or publications.

Full-time

Employee Testimonials

Sophos Employee Testimonial
Luca Besana
Channel Account Executive, Sales Si

Great company, impressive vision, and outstanding team. These are the ingredients of the Sophos recipe. Probably the best choice I’ve ever made in my life.

Nicholas Sacchetto
Channel Account Executive, Sales

Since Day One, I realized that Sophos is a visionary company and at the same time very pragmatic. I joined a very solid team that is way ahead of the competition. What’s more, I really enjoy selling products I like.

Abigail Igbuhay
Technical Support Engineer

To work at Sophos means to go out of your comfort zone and constantly crave to be a better you.

James Calalo
Technical Support Engineer

It's very challenging. You will learn how to be self-reliant and be a team player at the same time. The management recognizes the effort you exert. There is work-life balance and employees are friendly.