Information Security Architect

At American Equity Investment Life Holding Company, we think of ourselves as The Financial Dignity Company. Our policyholders work with independent agents, banks and broker-dealers through our wholly-owned operating subsidiaries, to choose one of our leading annuity products best suited for their personal needs to create financial dignity in retirement. We remain steadfast in our commitment to quality products, excellent customer service, integrity, safety and delivering on our promises to our policyholders. Our success comes from hiring people who embody the beliefs that drive our unique, energetic, fast-paced and caring culture of collaboration, ownership and innovation.

We currently fund over half a million retirements nationwide, and have been headquartered in West Des Moines, Iowa, for over twenty-five years, with satellite offices slated to open in early 2023 in Charlotte, NC, and New York, NY. We are a NYSE-listed company and maintain an "excellent" rating from AM Best. Our company has over $57 billion in assets, 26,000 active agents and over 800 employees.

GENERAL PURPOSE OF THE JOB:

The Information Security Architect (ISA) is responsible for guiding Information Technology (IT) leadership and employees in the overall secure design of the on-premise technology infrastructure, cloud computing platforms, system and application landscape, and data constructs that collectively make up the American Equity (AEL) technology operating environment.

The ISA participates in an architectural partnership with many others throughout the IT organization with a results-oriented mindset that leads to a balancing of effective IT system and service delivery with the need to manage the cybersecurity risk inherent in modern technology systems (virtual, physical, on-premise, and cloud-based). The ISA also serves as the resident research expert with the cybersecurity space at AEL to identify, recommend and partner in implementing control technologies and processes designed to effectively manage risk.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Designs secure architectural implementations and integrations of internally-developed and externally-procured solutions that enable business success.
• Determines how to appropriately partner business usability with security risk minimization in both on-premise and cloud-based (SaaS & Paas) technical solutions.
• Serves as a corporate information security technical expert in consultations with senior level IT employees and IT leadership; Acts as a escalation point for technical information security considerations.
• Supports the information security team by providing technical expertise where needed in support of corporate information security objectives.
• Engages with technology architects across all technology disciplines as a champion of the controls contained within the AEL Information Security Control Framework.
• Designs solutions that adequately balance data and system risk with the evolving operational needs of growing organization with an aggressive market strategy.
• Participates extensively in highly complex incident response and forensic analyses of system events within the AEL technology infrastructure (as warranted).
• Engineers secure applications in concert with internal and external application development staff.
• Researches evolving risks, threats, trends, and tactics within the information security landscape to act as the resident operational intelligence expert; Uses that knowledge to assist the Information Security team in risk control design and adaptations.
• Advocates for information security controls and general risk considerations among business and technology processes across all levels of AEL leadership and staff.
• Mentors IT staff as needed toward the goal of an information security mindset.
• Engages with a variety of Information Security operational processes, including SIEM event evaluation, risk assessment, threat modeling, etc.
• Offers extensive input into the iterative maturation of AEL's Information Security program.
• Participates in internal and external audit and testing reviews.
• Maintains/develops technological skills by seeking out training in response to emerging threats and risk trending within the information security field.
• Performs other duties as assigned.

SUPERVISORY RESPONSIBILITIES:

Direct Reports: 0

General Description of Indirect Reports (2 and 3-downs): 0

EDUCATION AND/OR EXPERIENCE:

Bachelor's degree in a technology field of study, six (6) years of experience in Information Security Architect related work, plus a minimum of eight (8) years of IT security experience; or equivalent combination of education and experience.

Experience working as a senior IT security professional is required; experience working with a variety of security vendors and products; experience working with security technologies for websites/applications, networks, servers, desktops and databases.

CERTIFICATES, LICENSES, PROFESSIONAL DESIGNATIONS:

• A minimum of one certification such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP) or Certified Information Systems Auditor (CISA) is required. Multiple industry certifications are very beneficial.
• GIAC desirable

KNOWLEDGE, SKILLS AND ABILITIES:

• Expert level understanding of technical concepts in place within a highly complex system and computing environment.
• Familiarity with security best practices and frameworks.
• Business acumen: ability to understand non-technical business topics.
• Exemplary written and verbal communication skills.
• Ability to find balance between risk management and effective business operation.
• Ability to work cooperatively and successfully with co-employees, customers, and other outside third parties demonstrating strong interpersonal and collaboration skills.
• Ability to successfully handle pressure and meet deadlines in a fast-paced work environment.
• Ability to read, analyze, and interpret the most complex documents.
• Ability to give professional presentations to all levels of the organization using original or innovative techniques or style.
• Ability to apply mathematical concepts and applications to tasks.
• Ability to apply principles of logical thinking to a wide range of intellectual and practical problems.
• Ability to deal with a variety of abstract and concrete variables.
• Ability to effectively manage accountabilities with competing priorities while maintaining time deadlines.
• Ability to travel up to 5% of the time.