Information Security Architect

Metropolitan Airports Commission

Department of Human Resources
6040 28th Avenue South
Minneapolis, MN 55450
Information Security Architect

An Equal Opportunity Employer

$77,134.00 – $119,938.00 Annually

OPENING DATE: 03/23/17

CLOSING DATE: 04/05/17


The Information Security Architect provides enterprise-wide vision and design leadership for the Metropolitan Airports Commission’s cyber security programs.  This includes the design, development, and implementation of enterprise security architectures, policies, processes, and systems.  The work done by the Information Security Architect is an integral component of the organization’s Enterprise Architecture.

The Information Security Architect serves as the primary subject matter expert in the information security field, keeping the organization abreast of regulatory issues, market trends, current threats and technology changes in the field of expertise. The Information Security Architect must also have a detailed understanding of all security domains and information technology processes to effectively design and implement effective information security architectures.

To apply: click the “Apply” link located just above the position description, log-in and follow the instructions provided.

Questions regarding this position can be directed to Kristie Teasley at or 612.794.9151. Applications will be accepted until 3:00 p.m. on Wednesday, April 5, 2017.

Minnesota Government Data Practices Act
The Metropolitan Airports Commission (MAC) collects information from applicants for the purposes of determining employment suitability. Applicants are not legally required to provide the requested information. However, information not provided, other than race, gender, or disability, may prevent MAC from being able to consider the application or determine the applicant’s suitability for the position. The information collected may be classified as public or private data under the MGDPA. “Public” means that data is available upon request. “Private” means the data is only available to the person the information is about, and to those who must see it in the course of conducting MAC business and as otherwise provided for by law. MAC complies with the Americans with Disabilities Act. If an accommodation is required for you to participate in the application process because of a disability or you have questions regarding the application process, contact Anita Bellant at 612-726-8196

MAC is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, gender, age, nationality, or disability.


Design and Support
Designs information security processes and systems to manage risk while helping meet service delivery requirements.  Serves as a visionary applying security principles and best practices through the use of people, processes and technology solutions.

  • Serves as the primary subject matter expert in the information security field, keeping the organization abreast of regulatory issues, market trends, current threats and technology changes in the field of expertise.
  • Confers with senior management and key stakeholders to identify business requirements.
  • Works with senior management to outline enterprise-wide strategic outcomes and tactical goals for information security.
  • Designs, documents and continuously updates core security components of the enterprise information architecture.
  • Takes a lead role in the development of enterprise security policies, standards and guidelines in areas of expertise.
  • Leads the design and implementation of enterprise-wide information security systems.
    • Forecasts needs, capacity and resource requirements in support of the enterprise architect.
    • Uses extensive knowledge of products and managed services to evaluate, test and recommend specific solutions to meet business needs and underlying security requirements.
    • Documents and validates priorities and helps develop implementation and security plans
    • Drives implementation projects
  • Develops metrics to measure the effectiveness of security processes and systems.
  • Implements appropriate information security awareness and training resources.

Provides subject matter expertise on information technology projects and programs, ensuring that robust security controls are embedded in current and future activities.  Serves as the lead technical representative; providing deep security expertise to groups requiring such expertise, including enterprise architecture and major system development project teams.  Provides assistance with the investigation and resolution of significant technology incidents.

  • Serves as the consultant and subject matter expert to such groups as system development project team, architect review and oversight committees, technology governance committees, etc.
  • Helps customers resolve complex people, process and technology issues pertaining to enterprise-wide information security systems.
  • Provides subject matter expertise to help quickly resolve security information technology incidents while minimizing customer impact, preserving evidence for further investigation and legal proceeding and performing post incident analysis to improve processes.
  • Provides subject matter expertise and information to auditors and regulators during external assessments.
    • Acts as a point person for coordinating security type assessment including PCI and other control based assessments that are part of the MAC regular security controls
    • Coordinates responses and necessary remediation activities resulting from assessment cycles
    • Remains abreast of industry standard compliance practices including PCI and NIST CSF
  • Other duties as assigned.


MAC Leadership Competency Requirements

  • Strategic Leadership: Develop and communicate vision for area of responsibility, support mission, vision and values of the organization, champion change and innovation.
  • Judgment: Analyze issues before making decisions; use sound judgment, consider immediate and long-term impact of decisions, apply systems thinking.
  • Business Knowledge: Apply technical/functional expertise, use financial acumen and is business savvy, provide thorough analysis, understand and manage technology and other resources for maximum impact on productivity.
  • Planning and Execution: Focus organization on high priority objectives; foster alignment, establish specific measurable objectives, manage and improve processes, hold people accountable for results.
  • Motivation and Courage: Drive for results, willing to take a stand for the good of the organization, make sacrifices for the good of the organization, and take responsibility for consequences.
  • Communication: Foster open two-way communication, speak with impact, listen and respond with empathy, communicate effectively in writing, apply meeting protocol in public and private forums, produce thorough and accurate reports. Ability to communicate industry standards, best practices, testing techniques, and the interpretation of assessment, and testing results.
  • Self-management: Inspire trust, demonstrate adaptability and flexibility, practice self-development.
  • Collaboration: Foster cooperation across departmental boundaries, respond to requests for assistance in a timely manner, follows through on commitments.
  • Approachability: Encourage frequent, open communications, accessible, visible in the organization, maintain calm and collected presence, and welcomes suggestions and feedback.


  • Five or more years of experience recommending, designing, documenting and implementing security infrastructure solutions in an information security role.
  • Bachelor’s degree in computer science or equivalent field OR a Bachelor’s degree in any field and seven years of experience in a progressively responsible information security role.
  • Certified Information Systems Security Professional (CISSP) or the ability to obtain a CISSP within 6 months; or a CISSP equivalent such as CISM or CISA.
  • Experience in designing, documenting and implementing information security architectures, policies, processes and systems.
  • Advanced technical knowledge within one or more security areas which may include:
    • Intrusion detection and prevention, data loss prevention, vulnerability assessment, encryption technologies, computer forensics, penetration testing, threat modeling and/or identity and access management
    • Secure system design and development principles
    • Information security audit and assessment methodologies
    • Information security and information technology standards such as NIST, ISO 27001/27002 and COBIT
    • Information security legal compliance requirements including data privacy laws, computer crime laws, statewide data protection laws, FISMA, HIPAA, Payment Card Industry, etc.
  • Experience communicating technical issues to non-technical individuals.
  • Ability to engage and influence individuals and teams to achieve security related business goals.
  • Strong communication and documentation skills.
  • Valid state-issued driver’s license and a reliable vehicle to commute between work sites.


  • Experience with PCI industry/compliance (i.e. card holder security, architecture card holder security set-up, day-to-day credit card operations).
  • Experience working with multiple operating systems such as Microsoft Server and Linux/Unix platforms.
  • Experience with information technology frameworks such as ITIL.
  • Additional security field specific certifications.
  • Experience with risk management:  providing assistance in the identification, prioritization, and/or remediation of information systems vulnerabilities.
6040 28th Avenue South,
Minneapolis, MN 55450
EXAM #00419

To apply for this job please visit the following URL: →