IT Security and Risk Management Domain Architect

Posted Date: Mar- 3-2017

Job ID: 6699

Job Type: Full Time

Job Function: Information Technology

City: Kent

State: Washington

What's cool about this job

The IT Security and Risk Management Domain Architect is accountable for ensuring that REI’s IT systems and data are secure through ownership and responsibility of REI’s IT security processes, systems, data, and technology portfolios.

This role partners closely with portfolio planning teams to shape solution architectures during the demand management/intake processes and take a leadership role for our Solution Architects that are responsible for delivering solutions defined by the IT Security Domain Architect. It is a critical architecture role in REI and part of REI’s Architecture community. In addition, this role supports REI’s Information Security function via providing systems that comply with Information Security policies as well as ensure that IT security systems provide functionality suitable to support Information Security’s business functional needs.

  • Provide security technology direction per REI’s Architecture processes
  • Manage IT Security Architecture Principles, Policies and Standards
  • Manage IT Security Technology Roadmap
  • Manage IT Security Architecture designs/models
  • Provide IT Security Architecture project oversight
  • Security design reviews/assesses security implications for introduction of new or differing technologies
  • Provide IT Security Architecture project oversight
  • Advocates and champions of Enterprise Architecture concerns to project teams managed by their domain’s project portfolio
  • Provide assessment, implementation, management and documentation of a broad set of information security technologies and processes (e.g., application security, risk management, data protection, encryption, key management, identity and access management, security governance, network security) within a SaaS, IaaS, PaaS, or cloud environment

Bring your passion and expertise


  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field or commensurate experience in Security Architecture
  • Information Security standards and controls e.g., ISO 27001/27002, NIST Cybersecurity Framework, PCI DSS 2.0 & 3.0/3.1, ITIL, and COBIT frameworks
  • Security Technical Control Systems (SIEM, DLP, NAC, Config, Monitoring, Logging)
  • Cloud Security Alliance best practices and guidelines (CCSK preferred)
  • AWS, Azure, Windows, Linux, iSeries operating systems in hybrid on premise and multi-cloud environment
  • Security concepts related to threat management, authorization and authentication, perimeter security controls, and security lifecycle methods/frameworks (e.g. Microsoft SDL and BSIMM) with specific knowledge for securing PCI and PII data
  • CISSP or GSEC/GCIH/GCIA required
  • CISA/CGEIT (ISACA related) are preferred 
  • CISM, CEH, CompTIA Security+, CompTIA Advanced Security Practitioner, CNSP, CHFI, or other applicable certifications relevant to IT Security are preferred
  • Service-oriented architecture for cloud-based services
  • Cloud access security brokers, cloud services and 3rd party hosted services, and server virtualization products and technologies
  • Ability to scope solution architectures to contribute to estimation activities
  • Ability to coach and mentor Solution Architects 
  • Ability to use and communicate system design patterns and anti-patterns to improve system quality
  • Ability to manage solution architecture design to align to business value
  • Ability to build solution architecture models using UML
  • Minimum of 8 years developing real world scaled solutions with knowledge of full application development lifecycle (SDLC) and methodologies; waterfall, agile and hybrid

Why you'll love it here

REI Information Technology is a team of creative and smart technologists who work in a collaborative environment to build business value through technology. And, we have the support of a great company to tackle some pretty dynamic challenges that will keep REI relevant for years to come. If you have a passion for the outdoors and want to be a part of innovating retail technology, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.