Meaningful Work From Day One:

IT Security Team is responsible for the implementation and administration of information security policies, practices, procedures, and technologies in order to ensure the protection of access, applications, data, networks, platforms, systems, and users.

What You Can Expect:

This position is a security engineer role that will support the implementation and administration of information security policies, procedures, and technologies to ensure the protection of networks, systems, applications, and data. This position will partner with both business and IT personnel to implement security solutions consistent with the Engineering and Architecture strategy.

• Basic understanding of IT Security functions and processes

• Basic knowledge of IT security frameworks like NIST, ISO/IEC 27001 & 27002

• Basic knowledge of IT security regulations like GDPR, FISMA, PCI, SOX

• Identify security design gaps in existing and proposed architectures and escalate as needed

• Identify and escalate risks associated with business processes, operations, information security programs and technology projects

• Identify and communicate current and emerging security threats

• Assist in design of security architecture elements to mitigate threats as they emerge

• Assist in the design, build and implemention of enterprise-class security systems for a production environment

• Recommend and assist in creating or improving processes/solutions that balance business requirements with information and cyber security requirements

• Stay current on security trends by tracking and understanding emerging security practices and standards

• Be an IT Security advocate for security awareness/training, security controls, security processes and most importantly IT Security perception

• Develop relationships with cross-functional teams and begin to develop mutual respect and trust. As the relationship becomes more mature, begin to test your ability to influence a security mindset without applying too much pressure

• Basic application of Governance and Risk Management security practices

• New tasks, assignments, and projects require limited instructions (Basic Project Management understanding)

• Provide 2nd level support and triage on security related issues

Identity & Access Management (Basic Knowledge):

• Authentication (e.g., SSO, MFA, etc.)Access Provisioning

• Attestations & Certifications

• Connections/Integrations

• Identity Analytics

• Privileged Access Management

• Process/Problem Resolution

• Risk Scores (Entitlements, Identities, and Users)

• Role Methodologies

• Segregation of Duties

• User Lifecycle Management (Joiner, Mover, Leaver)

• User Provisioning

• Workflows

IT Security Components (Basic Knowledge):

• Application

• Cloud

• Data

• Endpoint

• Network

• Operations

• Vulnerability Management

We Are Looking For People Who

• Bachelor’s or Master's degree within a related area of study. Work experience accepted in lieu of education

• Certifications in security related areas preferred (e.g., CompTIA Security+, CEH, CISA, MCSA, etc.)

• Minimum of 3 years of experience in IT Security or related field.

Brown-Forman Corporation is committed to equality of opportunity in all aspects of employment. It is the policy of Brown-Forman Corporation to provide full and equal employment opportunities to all employees and potential employees without regard to race, color, religion, national or ethnic origin, veteran status, age, gender, gender identity or expression, sexual orientation, genetic information, physical or mental disability or any other legally protected status.

Business Area: Global Information Technology

City: Louisville

State: Kentucky

Country: USA

Req ID: JR-00005374