Stanley Black & Decker, Inc.
Requisition Number: 49208BR
Title: Internet of Things (IoT) Security Architecture Manager
Business: US - Global IT
State / Country / Province: Massachusetts
City: Waltham
No. of Positions: 1

Job Description

GENERAL SUMMARY

The Stanley Black & Decker (SB&D) IoT Security Architect will join a brand new, highly progressive and cutting edge team at SB&D. The Product Security organization is currently being established to support the success of all digital products across the SB&D portfolio of products. This is an opportunity to join at the ground floor of the establishment of the organization, and be a part of defining and designing a leading-edge practice.

Within the Product Security organization, the IoT Security Architect will act as a technical consultant, with a primary objective of defining and aligning robust reference architectures for securing IoT systems, leveled appropriately for product maturity. This will include firmware development (including a broad range of internet-connected devices such as drones, RFID sensors, IoT tools, etc.), mobile applications, REST API integrations, and web portals.

In this role, the successful candidate will drive security reference architectures, best practices, security testing support (teaching product teams to fish, but also supplying testing labs with all the appropriate tools for re-use across product teams), and design appropriate risk mitigations for meeting compliance requirements as appropriate in the context of all product lines for the SB&D business units. In addition, in times of incident response, the IoT Security Architect will act as forensics and technical response lead.

PRINCIPAL DUTIES AND RESPONSIBILITIES

Relationship Management:
Strong consulting skills with an ability to communicate with multiple departments and levels of management in order to resolve technical and procedural security risks.
Ability to clearly communicate and report detailed status to senior management and peers.
Proactively engage various stakeholders in the business unit as appropriate to get their ‘buy in’ for security initiatives.
Be successful at influencing changes without direct reporting line authority.

Technical Leadership:
Demonstrated experience with IoT enabling technologies, including but not limited to: constrained RESTful environments; IPv6 over a network of resource constrained nodes; networking challenges over low power WANs; various IoT technical concepts such as JSON, OAuth, Zigbee, and MUD concepts; Concise Binary Object Representation (CBOR) Object Signing and Encryption; Blockchain; Thing-To-Thing.
Help promote technical training and best practices within de-centralized product engineering teams.
Ability to select cyber security testing and code scanning tools (COTS and open-source combinations to maximize effectiveness, ease of use and cost effectiveness), and install and maintain tools for use as a shared testing lab by de-centralized teams.
Provide technical mentorship and extensive testing resources as needed to up-level the view into the on-going hardening footprint of IoT systems (including all device, web, and mobile components).

Technical Process Analysis:
Ability to identify and document detailed business cases for recommended shared technical components that will result in significant benefits to SB&D customers, as well as drive consistency and cost effectiveness across the organization.
Ability to automate process improvements to allow for easy integration/adoption for product teams where applicable.

Sales Support:
Review end customer contracts and provide support for deal closure when needed to verify technical accuracy of content or responses.

Management:
As part of a team of diverse experts, collaborate to drive a common methodology to support consistencies across de-centralized teams.
Managing at least one analyst as a direct report that will support the overall mission of the Security Architect functions.
Security mentoring for junior staff members as well as non-security personnel across the business.

Compliance Framework Expertise:
Individual should have a thorough understanding of cyber security best practices and the ability to effectively apply those practices.
Familiarity with applying cyber security governance frameworks into engineering organizations.
Familiarity with various compliance, privacy, and regulatory standards including Sarbanes-Oxley, SSAE 16, PCI-DSS, ISO 27001, HIPAA, and state and international privacy laws.
Other duties as required.

ADDITIONAL SKILLS

Exceptional verbal, written and presentation skills are required.
Ability to manage relationships with senior executives.
Ability to create technical plans across engineering organizations.
Self-starter with the demonstrated ability to drive engagement and cooperation across de-centralized teams.
A sense of urgency.
Ability to prioritize.
Ability to balance conflicting priorities.
Ability to articulate technical topics to non-technical personnel.
Professional designations are preferred including: CISSP, or various technical designations.

Education: A Bachelor's Degree in Computer Science, Engineering or related discipline is required. A Master's Degree is desirable.

Experience: The successful candidate should have 10 years experience in cyber security or technology.

EEO Statement

All qualified applicants to Stanley Black & Decker are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran’s status or any other protected characteristic.

Stanley Black & Decker, Inc.
Website : http://www.stanleyblackanddecker.com/
When you trace it all the way back, it comes down to three individuals: Frederick Stanley, Duncan Black, and Alonzo Decker. Three passionate individuals who built powerful companies that they were so proud of they put their names on them. Hundreds of years later, we’re proud to continue their legacies and we’re proud to carry their names forward. In 1843, Frederick Stanley started a small shop in New Britain, Connecticut, to manufacture bolts, hinges, and other hardware from wrought iron. With superior quality, consistent innovation, and rigorous operational improvement, Stanley’s company defined excellence, and so did his products. In 1910, S. Duncan Black and Alonzo G. Decker started their shop, similar in size at first, in Baltimore, Maryland. Six years later they changed the world by obtaining the world’s first patent for a portable power tool, and the company they built has been changing the world ever since. Both companies grew in parallel over the ensuing decades, amassing an unparalleled family of brands and products and an even more impressive wealth of industry expertise. In 2010, the two companies combined to form Stanley Black & Decker, to deliver the tools and solutions that industrial companies, professionals, and consumers count on to be successful when it really matters. Just as it was in 1843, our passion for excellence is seen around the world in our disciplined operations, purposeful business growth, and loyal customer relationships.