WAWA – Wawa, Inc. – Corporate Office
Job Title: Information Security Engineering and Architecture Team Lead
Department: Information Technology
Job Summary: The Information Engineering and Architecture Team Lead is responsible for leading, maintaining, and improving the information security program to ensure that information assets and associated information systems are adequately protected in the technology ecosystem in which Wawa operates. This role leads all day-to-day operations, functions and capabilities relating to technology security engineering and security architecture. The role serves as a subject matter expert in the areas of Payment Card Industry (PCI) compliance, NIST CSF, and general information security best practices across all technology domains. The lead is responsible for operating and improving Wawa’s technology security engineering and architecture processes to secure and maintain Wawa’s technology-related and 3rd party connections. As a secondary duty, this role will support incident response processes.
Lead the Information Security Engineering & Architecture Department
Lead a group of Information Security Engineers and Architects, consisting of direct reports. This includes budgeting, hiring, training, developing staff, conducting performance reviews, and conducting team meetings and one-on-ones. Work with the Manager of Information Security Engineering and Architecture to support budgeting and resource planning across the department.
Lead team that assesses, designs, builds and implements enterprise-class security systems for a production environment’s information systems, networks and data. Produce detailed security architecture artifacts.
Participate in Architecture Review Boards by providing security expertise to guide development of secure architectures.
Lead teams to develop, align, and implement security standards and frameworks within overall business and technology strategy.
Assist with planning and execution of information security testing for all areas of the technology operating environment.
Identify and communicate current and emerging security threats.
Design security engineering and architecture elements to mitigate threats as they emerge.
Create solutions that balance business requirements with information and cyber security requirements.
Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
Lead the operation of the information security management framework and update based on industry standard frameworks and lessons learned.
Develop and implement tooling to provide preventive, detective, and reactive security configuration validation and correction.
Lead implementation of technology related to third party vendor engineering and architecture programs and ensure inclusion of applicable information security requirements. Assist Information Security Risk and Compliance team in validating vendor contracts meet security requirements.
Provide support to Information Security Incident Response team during cyber incidents.
Provide Strategic Support
Assist the Manager of Information Security Engineering and Architecture with the development of the organization’s information security vision and strategy.
Develop metrics and reporting framework to measure the effectiveness of the program.
Work with the Enterprise Architecture and other IT teams to ensure that information security requirements are built into architectures and new technology projects.
Partner with the Information Security Risk and Compliance team to support the development and maintenance of Wawa’s technology security policies and standards and ensure their application to technology architectures. Assist Information Security Risk and Compliance with ensuring the ongoing compliance with both regulatory obligations and internally developed policies and standards.
Serve as Security Liaison
Maintain internal networks among information security, information technology, audit, legal, and HR teams to ensure support and alignment on initiatives. Create internal network across IT functions.
Maintain external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, and cybersecurity risks.
Act as technical consultant for internal business teams and the IT department to plan, implement, and support new and existing technologies. Serve as an expert in technical field of knowledge.
Lead the evaluation, investigation, technical deployment, and testing of new technologies to enhance Wawa’s information security infrastructure.
Support audit and assessment process for IT including annual PCI audit, IT general controls review and any other audits or assessments of security and general IT controls.
Provide project management, technical assistance, and strategic vision for technical security services.
Provide information security expertise and guidance on IT and business-related projects as required by the business. Lead and/or participate in IT and security related projects.
Work effectively with business units to facilitate information security engineering and architecture requirements and advocate information security best practices.
Ability to work well individually as well as in a team environment.
Ability to influence and motivate information technology and business teams to achieve tactical and strategic information security goals.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to diverse audiences.
Up-to-date knowledge of methodologies and trends in business, information security and IT.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Proven track record and experience in developing information security engineering concepts and architectural designs.
Must be a critical thinker, with strong problem-solving skills.
Ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Ability to lead large internal security technology projects and security remediation projects with significant dependencies on external IT teams.
Ability to understand large, complex technology implementations spanning hundreds of physical and virtual environments.
High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity.
High degree of initiative, dependability and ability to work with little supervision while being resilient to change.
Ability to be on-call 24x7x365 rotation for information security incidents.
Ability to lead, mentor and influence others.
Minimum of 7 years of experience in a combination of Information Security Engineering and Information Security Architecture.
Understanding of relevant legal and regulatory requirements, such as: Payment Card Industry Data Security Standard.
Degree in technology-related field preferred, or equivalent work- or education-related experience.
Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Defensible Security Certification (GDSA), or other similar credentials.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, Critical Security Controls, and NIST 800-53 and Cybersecurity Framework.
Significant knowledge of information security concepts and technologies such as: networking, network segmentation, vulnerability scanners, firewalls, IPS/IDS, network analyzers, data loss prevention, security event management, encryption technologies, proxies, endpoint security, container security, etc.
Strong understanding of cloud and application security principles.
Experience securing large AWS deployments using a multi-account organizational structure.
Strong scripting skills and/or working knowledge of programming language (Python, PowerShell, Ruby, TypeScript, GoLang, etc.).
Experience and strong understanding of the DevSecOps working methodology.
Experience and strong understanding of the SAFe Agile working methodology.
Wawa will provide reasonable accommodation to complete an application upon request, consistent with applicable law. If you require an accommodation, please contact our Associate Service Center at [email protected] or 1-800-444-9292.
Wawa, Inc. is an equal opportunity employer. Wawa maintains a work environment in which Associates are treated fairly and with respect and in which discrimination of any kind will not be tolerated. In accordance with federal, state and local laws, we recruit, hire, promote and evaluate all applicants and Associates without regard to race, color, religion, sex, age, national origin, ancestry, familial status, marital status, sexual orientation or preference, gender identity or expression, citizenship status, disability, veteran or military status, genetic information, domestic or sexual violence victim status or any other characteristic protected by applicable law. Unlawful discrimination will not be a factor in any employment decision.