Tribune Media Sec Architect

•Download as DOCX, PDF•

0 likes•61 views

This document describes the responsibilities of a Senior Security Architect/Engineer position at Tribune Media. The role involves leading security architecture design and implementation across all teams, evaluating new systems for security requirements, and assisting in risk assessment and compliance. Key responsibilities include designing and operating security tools, policies, and standards; assessing vulnerabilities; and providing guidance on security architectures, technologies, and controls.

Senior SecurityArchitect/Engineer
Work withall teamsinTribune Medialeadingthe design,implementation,andoperationof enterprise-
wide securityarchitecturesaswell asresearching,developingandrecommendingarchitectural policies
and practices forcurrent andfuture securityinitiativesfromdefinitionphase throughimplementation
and operation.
RESPONSIBILITIES
• Evaluationof IT systems,appliances,anddevicesbeingproposedforuse withinthe
environmentandtheirabilitytomeetTribune Media’ssecurityrequirements,recommendingmitigating
controlsforidentifiedlimitationsandrisks.
• WorkingcloselywithotherTribune MediaEnterprise Architectstoensure securityrequirements
are addressedinall phasesof projectlifecycles.
• Design,implement,andoperate securitytoolsacrossthe Tribune Medianetwork
• Assistinginthe creationandmaintenance of enterprisesecuritypolicies,controls,andstandards
for technologiesdefinedwithinthe TribuneMediataxonomy.
• Assistinginidentifyingandassessingriskaspartof the overall RiskManagementprocess.
• Participatesinthe discovery,documentationandrefinementof businessrequirementsto
ensure alignmentwithtechnicallyviablesolutiondesigns.
• Subjectmatterexpertiseacrossapplications,data,database,middleware,network
(Intranet/Extranet/Internet),security,andclientplatform(Includingmobile) ITproductsandservices
• Designs,documentsandrecommendsimprovementstosecurityarchitectures,technologies,
and relatedsecuritycontrols.
• Developsandmaintainsthe securitytechnologyplanandroadmaptoprovide adefense in
deptharchitecture.
• Works withTribune Mediateamsonvulnerabilityassessmentandremediation.
• Providesguidance toprojectteamsregardingcomputingsystemornetworkconfigurationand
securitycontrols.
• Works withDevelopsandmaintainscomputingsystemandnetworkbuildstandards.
• Providesguidance andanalysisfortuningsecuritysystems’rules,alertingandreporting.
• Recommends, validates,maintainsandimplementsinformationsecuritystandards,guidelines
and procedurestoensure compliance withthe InformationSecurityprogram.
• Recommendsappropriateandcosteffectivecontrolstoaddressidentifiedsecurityarchitecture-
relatedrisks.

• Implementscomplexsecurityarchitecture projecttasksincludingprovidingrequirementsfor
designingandimplementingcomponentsof the InformationSecurityprogram.
• Interfaceswithexternal departmentsandvendorstoprovide expertlevel consultation
concerningInformationSecurityarchitecturesandthe,implementationandintegrationwithexisting
networkenvironments,applicationsandservices.
• Providesassistance tootherTribune MediateamsregardingInformationSecurityarchitecture
issuesandcontrols.
• Evaluatesthirdpartyproductsand servicestoverifythattheymeetsecuritystandardsandwill
integrate seamlesslyandsecurelyintothe TribuneMediacomputingarchitecture.
• Providesaleadershiprole inthe design,implementationandmaintenance of consistent
applicationandinfrastructure architecture securityprograms.
• Works withInternal auditandotherdepartmentstoensure securitycontrolsmeetregulatory
compliance suchasSOX,PCI, or HIPAA
• Ownsecurityadministrationforall SaaSapplications.
• Developedandsupportedall accesssecurityforWorkdayERPand HCM application.
• DevelopedsecuritysettingsforAnaplanbudgetingapplication.
• Maintainfull supportforWorkdayand AnaplanSecurity.
• Developedadd-onsforProcurementandUsertime trackingwithinWorkday.
• Review,test,andimplementall securityconfigurationinWorkdayforbothERP andHCM.
• Reviewall useraccessrequeststoensure noseparationof dutiesconflicts.
• Performbi-annual WorkdayuseraccessreviewandSeparationof Dutyreview.

Similar to Tribune Media Sec Architect

Irfan Ur Rehman

C_COHEN_RESUME

Carl Cohen

The Netizen Approach to Security and Innovation

Netizen Corporation

Cyber Security Applied to Embedded Systems Training is a 2-day training talks about basics of embedded systems and uses of Cyber Security to show exceptional vulnerabilities that are usually misused. find out about strategies and methods considering cyber security measures in the whole framework life cycle and obtaining. Secure Embedded Systems incorporate numerous methodology, strategies and procedures to flawlessly coordinate cyber security inside embedded framework programming. Takeaways from this course include: Examining how to cybersecurity fit in the embedded systems Fundamentals of Cybersecurity Fundamentals of Embedded Systems Fundamentals of embedded system product design cycle, project management, design for production, V&V and O&M Embedded Systems Security Requirements Fundamentals of hardware and firmware analysis and design in embedded design Vulnerabilities in embedded systems Embedded hardware and firmware analysis to detect vulnerabilities Foundation knowledge of cyber security threats, risks, mitigation strategies applied to embedded systems Exploitable vulnerabilities in embedded systems and techniques and strategies for systems engineering embedded systems Communication protocols, wired and wireless networks, information and network attacks and their impact on embedded devices Risk assessment techniques and methodologies and using defensive tools for mitigating risk and vulnerabilities Course Topics: Cybersecurity 101 Introduction to Embedded Systems Embedded System Vulnerability Analysis Exploiting Real Time Operating Systems Securing Embedded Systems Interfaces and Protocols Cybersecurity Attacks and Best Mitigation Practices for Embedded Systems Case Study and Workshop This course will likewise train understudies how to examine, turn around, investigate, and abuse embedded RTOS firmware. Hands-on involvement with an assortment of true gadgets, RTOS's, and designs furnish understudies with the down to earth information and aptitudes important to be capable in RTOS defenselessness examination and misuse. We will examine chance evaluation philosophies, disappointment examination and utilizing protective tools to moderate cyber hazard and vulnerabilities. Call us today at +1-972-665-9786. Learn more about this course audience, objectives, outlines, seminars, pricing , any other information. Visit our website link below. Cyber Security Applied to Embedded Systems https://www.tonex.com/training-courses/cyber-security-applied-embedded-systems/

Cyber security applied to embedded systems

Tonex

Embark on a journey to exam excellence with our comprehensive guide to SY0-701 Dumps for CompTIA Security+. Dive into the intricacies of the SY0-701 exam with meticulously crafted Security+ Dumps designed to simulate the real exam environment. Elevate your preparation, boost confidence, and ensure success on exam day. Join a community of achievers who have trusted our SY0-701 Dumps for a proven pathway to mastering the CompTIA Security+ certification. Uncover the key insights and strategies essential for acing the SY0-701 exam. Your success begins with the right preparation – explore our Security+ Dumps and pave the way for a successful career in cybersecurity.

SY0-701 Dumps | SY0-701 Preparation Kit

bronxfugly43

OT Security Architecture & Resilience: Designing for Security Success

accenture

These are the slides from two related sessions at The Open Group conference: 1. Zero Trust Commandments – THE rules of the road 2. Zero Trust Reference Model ----------------------------------------------- Zero Trust Commandments – THE rules of the road ----------------------------------------------- Zero Trust is the de-facto standard for modern cybersecurity that helps organizations secure the ‘hybrid of everything’ technical estate spanning IT, OT, IoT, cloud, Artificial Intelligence (AI), data, and more. The Zero Trust Commandments provide THE rules for security and Zero Trust that clearly describe how security aligns to business goals and risks while becoming agile to adapt to continuously changing business requirements, technical platforms, and security threats (including ransomware, nation states, and more). Come and learn the “what” and “why” of Zero Trust, the Commandments and how they apply to you, your role in your Zero Trust journey, digital business and cloud initiatives, and their impact on resilience and sustainability. Learn how to apply Zero Trust as an essential component of a Sustainable Enterprise as it seeks to adopt the requisite technology in a secure manner. -------------------------- Zero Trust Reference Model -------------------------- Zero Trust is the de-facto standard for modern cybersecurity that is being globally adopted by The Open Group, SABSA, NIST, NCRC, the US cybersecurity directive, CISA, CSA, and more. The Zero Trust reference model standard enables you to plan and start Zero Trust by clearly defining the vision and philosophy of Zero Trust, the three-pillar implementation model that integrates Zero Trust into an organization’s processes, as well as defining each capability and architectural building block (ABB) from Security Zones to Adaptive Access to Governance to Security Operations (SecOps/SOC), and more. Come and learn about the capabilities and building blocks of Zero Trust and how to practically approach its implementation to reduce blast radius of attacks, reduce attack surface, and operate in an assume compromise/breach mode. This will result in an increased ability to block and remove attacker access to your organization’s valuable business assets, increasing your organization's resilience and sustainability. We will also illustrate it in the context of IT and OT, and how it is essential for the sustainable enterprise. Nikhil and Mark are practitioners and thought leaders who have taken numerous organizations on this journey, lead the Zero Trust Working Group, and are co-authors of this Standard. Learn from their hands-on experience across a myriad of customers and industries.

The Open Group - ZT Commandments and Reference Model.pptx

Mark Simos

Connection can help keep your business secure!

Heather Salmons Newswanger

Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.

Introduction to Cyber Resilience

Peter Wood

Specialist security enigneer

Mark Long

Security Culture from Concept to Maintenance: Secure Software Development Lif...

Dilum Bandara

Specialist Security Engineer

Mark Long

This course covers effective strategies, techniques, systems, polices, and procedures to establish stronger cybersecurity and cybercrime controls, reduce operational risk, and improve online working whilst covering international best practices, ISO standards, compliance, audit, and industry regulations. In today’s world and further into the digital future, all organizations face an ever-increasing number of information-related security challenges and risks against a backdrop of increasing national and global compliance, and audit standards and legislation. Cybersecurity is the protection of data from theft and damage, business information, people’s identities, and how all businesses can be better equipped to work more safely in an increasingly online world where sensitive and personal information is stored, shared, and communicated. This 4 day intensive training workshop addresses the latest concerns on IT infrastructure and cybersecurity. Participants will develop key skills and core competencies that will allow them to meet the ever-changing information security demands of the 21st century. Course Participants will: Understand today’s and tomorrow’s cybersecurity and cybercrime threats, issues, and risks; how to set up policies, train users, create strategies, and implement systems and tools to help protect data, information and people’s identities Manage the growing volume of confidential, sensitive business information and data to protect, keep safe, and communicate securely against a backdrop of increasing cyber threats, as well as privacy, legal, and compliance regulations Develop strategies and ways of working to improve detection of cybersecurity threats and improve information compliance Understand the security-related international information compliance and regulations, including industry specific standards Expand the expertise of personnel involved in developing skills and knowledge in the latest techniques, processes, and systems on cybersecurity Who should attend: Vice Presidents, Directors, General Managers Chief Information Officers Chief Security Officers Chief Information Security Officers Chief Technology Officers Heads of Departments in Information Security Management Information Systems, IT Infrastructure, IT Architecture, Network Operations, IT Operations, IT Data Center, DataBase Management, IT Deployment, IT Business Enterprise, IT Risk Management, IT Quality Assurance, IT Audit, Risk Management, Internal Audit, Business Continuity Planning

Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...

360 BSI

The concept of Enterprise Security Architecture (ESA) is not new (Gartner 2006), yet the numbers from the past several years’ worth of breach data indicates that most organizations continue to approach security on a project by project basis or from a compliance perspective. This talk will refresh the ESA concept and communicate tangible and realistic steps any organization can take to align their security processes, architecture and management to their business strategies, reduce business risks and significantly improve their overarching security posture.

Does Anyone Remember Enterprise Security Architecture?

rbrockway

Engineering council uk guidance on security for engineers & technicians

Bhim Upadhyaya

The strategic importance of Information Security for organisations is gaining momentum. The current surge in cyber threats is compelling organisations to invest in information security to protect their assets. Rushing to protect assets often comes with the expense of excessive technology adoption without a valid strategic foundation. Enterprise Security Architecture is geared to address these issues, but is frequently misaligned with Enterprise Architecture. In this presentation we explore avenues for the adoption and enforcement of Security-By-Design in the Enterprise Architecture value-chain so as position Risk, Security and IT as true business enablers.

Security-by-Design in Enterprise Architecture

The Open Group SA

Project Quality-SIPOC Select a process of your choice and create a SIPOC for this process. Explain the utility of a SIPOC in the context of project management. ( Application security in large enterprises (part 2) Student Name: ) ( Instructor Name ) Detailed Description: Large enterprises of a thousand persons or more often have distinctly distinct data security architectures than lesser businesses. Typically they treat their data security as if they were still little companies. This paper endeavors to demonstrate that not only do large businesses have an entire ecology of focused programs, specific to large businesses and their needs, but that this software has distinct security implications than buyer or small enterprise software. identifying these dissimilarities, and analyzing the way this can be taken advantage of by an attacker, is the key to both striking and keeping safe a large enterprise. The Web applications are the important part of your business every day, they help you handle your intellectual property, increase your sales, and keep the trust of your customers. But there's the problem that applications re fast becoming the preferred attack vector of hackers. For this you really need something that makes your application secure. And, with the persistent condition of today's attacks, applications can easily be get infected when security is not considered and scoped into each phase of the software development life cycle, from design to development to testing and ongoing maintenance of the application. When you take a holistic approach to your application security, you actually enhance your ability to produce and manage stable, secure applications. Applications need training and testing from the leading team of ethical hackers, for this there should be an authentic plan to recover these issues that can help an organization to plan, test, build and run applications smartly and safely. Large enterprises of a thousand people or even more have distinctly different information security architectures than many other smaller companies. Actually, they treat their information security as if they were still small companies. We are going to discuss some attempts to demonstrate that not only do large companies have an entire ecology of specialized software, specific to large companies and their needs, but that this software has different security implications than consumer or small business software for the applications. Recognizing these differences, and examining the way this can be taken advantage of by an attacker, is the key to both attacking and defending a large enterprise. It’s really important to cover up the security procedures in the large enterprise. Key Features: · Web application security checking from development through output · Security check web APIs and world wide web services that support your enterprise · Effortlessly organize, view and share security-test outcomes and histories · Endow broader lifecycle adoption th ...

Project Quality-SIPOCSelect a process of your choice and creat.docx

wkyra78

CV_Rohit Garg

rohit garg

· Technical security expert supporting the development and sustainability of secure products and practices. · Subject matter expert in application security delivering tactical mentorship and strategic consulting in terms of building a security-focused culture, secure development best-practices and application security awareness as well as contextualizing the threat landscape and associated risks for DML and its programs. · An active and critical participant in the design and implementation of internal and external payment services and mentor others in these efforts (including creating user stories, secure code review, providing up-front and ongoing security consultation, reviewing and enabling testing efforts, etc.). · Adaptive communication skills to influence cross functionally without direct authority, comfort speaking with customers and business partners at all levels. · Motivated self-starter with an agility and ability to manage ambiguity, deal with and anticipate change while still meeting business objectives •Passion for great product design, security and usability. · Experience with application threat modeling or other risk identification techniques • Current knowledge of security best practices, common exploits, and threat landscape • Understanding of Agile methodologies. · Ability to build secure DevOps architecture patterns and provide guidance on how to develop secure applications and infrastructures. · Strong understanding of Information Security, Authentication and Data Privacy within the domain of Digital Commerce including relevant practical experience. · Demonstrated experience designing Secure multi-domain Internet facing applications. · Knowledge of the security architecture of web-based network environments and secure communication between environments. · Knowledge and technical security experience in Cryptography, including several of the following: PKI, Digital Certificates, SSL, Hashing, Encryption techniques, etc. · Good understanding of Software Development especially related to secure coding best practices. Prior experience programming in Java is a plus. · Experienced in mobile security architecture concepts, design, implementation along with Android and IOS is a plus .

· Technical security expert supporting the development and susta.docx

alinainglis

MCGlobalTech Consulting Service Presentation

William McBorrough

Similar to Tribune Media Sec Architect (20)

Irfan Ur Rehman

C_COHEN_RESUME

The Netizen Approach to Security and Innovation

Cyber security applied to embedded systems

SY0-701 Dumps | SY0-701 Preparation Kit

OT Security Architecture & Resilience: Designing for Security Success

The Open Group - ZT Commandments and Reference Model.pptx

Connection can help keep your business secure!

Introduction to Cyber Resilience

Specialist security enigneer

Security Culture from Concept to Maintenance: Secure Software Development Lif...

Specialist Security Engineer

Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...

Does Anyone Remember Enterprise Security Architecture?

Engineering council uk guidance on security for engineers & technicians

Security-by-Design in Enterprise Architecture

Project Quality-SIPOCSelect a process of your choice and creat.docx

CV_Rohit Garg

· Technical security expert supporting the development and susta.docx

MCGlobalTech Consulting Service Presentation

Tribune Media Sec Architect

1. Senior SecurityArchitect/Engineer Work withall teamsinTribune Medialeadingthe design,implementation,andoperationof enterprise- wide securityarchitecturesaswell asresearching,developingandrecommendingarchitectural policies and practices forcurrent andfuture securityinitiativesfromdefinitionphase throughimplementation and operation. RESPONSIBILITIES • Evaluationof IT systems,appliances,anddevicesbeingproposedforuse withinthe environmentandtheirabilitytomeetTribune Media’ssecurityrequirements,recommendingmitigating controlsforidentifiedlimitationsandrisks. • WorkingcloselywithotherTribune MediaEnterprise Architectstoensure securityrequirements are addressedinall phasesof projectlifecycles. • Design,implement,andoperate securitytoolsacrossthe Tribune Medianetwork • Assistinginthe creationandmaintenance of enterprisesecuritypolicies,controls,andstandards for technologiesdefinedwithinthe TribuneMediataxonomy. • Assistinginidentifyingandassessingriskaspartof the overall RiskManagementprocess. • Participatesinthe discovery,documentationandrefinementof businessrequirementsto ensure alignmentwithtechnicallyviablesolutiondesigns. • Subjectmatterexpertiseacrossapplications,data,database,middleware,network (Intranet/Extranet/Internet),security,andclientplatform(Includingmobile) ITproductsandservices • Designs,documentsandrecommendsimprovementstosecurityarchitectures,technologies, and relatedsecuritycontrols. • Developsandmaintainsthe securitytechnologyplanandroadmaptoprovide adefense in deptharchitecture. • Works withTribune Mediateamsonvulnerabilityassessmentandremediation. • Providesguidance toprojectteamsregardingcomputingsystemornetworkconfigurationand securitycontrols. • Works withDevelopsandmaintainscomputingsystemandnetworkbuildstandards. • Providesguidance andanalysisfortuningsecuritysystems’rules,alertingandreporting. • Recommends, validates,maintainsandimplementsinformationsecuritystandards,guidelines and procedurestoensure compliance withthe InformationSecurityprogram. • Recommendsappropriateandcosteffectivecontrolstoaddressidentifiedsecurityarchitecture- relatedrisks.

2. • Implementscomplexsecurityarchitecture projecttasksincludingprovidingrequirementsfor designingandimplementingcomponentsof the InformationSecurityprogram. • Interfaceswithexternal departmentsandvendorstoprovide expertlevel consultation concerningInformationSecurityarchitecturesandthe,implementationandintegrationwithexisting networkenvironments,applicationsandservices. • Providesassistance tootherTribune MediateamsregardingInformationSecurityarchitecture issuesandcontrols. • Evaluatesthirdpartyproductsand servicestoverifythattheymeetsecuritystandardsandwill integrate seamlesslyandsecurelyintothe TribuneMediacomputingarchitecture. • Providesaleadershiprole inthe design,implementationandmaintenance of consistent applicationandinfrastructure architecture securityprograms. • Works withInternal auditandotherdepartmentstoensure securitycontrolsmeetregulatory compliance suchasSOX,PCI, or HIPAA • Ownsecurityadministrationforall SaaSapplications. • Developedandsupportedall accesssecurityforWorkdayERPand HCM application. • DevelopedsecuritysettingsforAnaplanbudgetingapplication. • Maintainfull supportforWorkdayand AnaplanSecurity. • Developedadd-onsforProcurementandUsertime trackingwithinWorkday. • Review,test,andimplementall securityconfigurationinWorkdayforbothERP andHCM. • Reviewall useraccessrequeststoensure noseparationof dutiesconflicts. • Performbi-annual WorkdayuseraccessreviewandSeparationof Dutyreview.

Tribune Media Sec Architect

Recommended

Recommended

More Related Content

Similar to Tribune Media Sec Architect

Similar to Tribune Media Sec Architect (20)

Tribune Media Sec Architect