Enterprise Security Architect

ITHAKA’s mission is to expand access to knowledge and education around the world. Our services — Artstor, JSTOR, Portico, and Ithaka S+R — enable people everywhere to learn, to grow, and to overcome historical barriers to education. In carrying out our mission, as employees we feel a deep responsibility to each other and our well-being, and are committed to building and sustaining a diverse, equitable, and inclusive workplace.

ITHAKA is looking for an Enterprise Security Architect who can help the organization achieve the highest possible levels of system and data protection and security awareness. You will be responsible for ensuring that ITHAKA's mission and business are protected from cybersecurity threats and risks, working with and advising colleagues to implement that protection.

As Enterprise Security Architect, you will work as a member of the Architects team, reporting to the chief architect. In this role, you will advise the Engineering and Information Technology teams supporting the organization on best practices and systems for effective cybersecurity.

You will lead the efforts to create and evolve the security strategy for ITHAKA, effectively addressing risks to our current and future business and customers. You will help implement this security strategy by developing policies, compliance activities, and security awareness across the organization.

Our team is seeking technology professionals with strong collaboration, technical expertise, and role alignment. Please submit a resume (and optional cover letter) that detail your experience in:

• Collaboration: Experience working with cross-functional teams, stakeholders and executives, such as engineers, architects, or security teams.
• Technical Expertise: Hands-on experience with relevant technologies, emphasizing how they align with the role’s requirements.
• Role Alignment: Job titles and descriptions that accurately reflect strategic and technical contributions, especially for architect-level roles.

Responsibilities

• Develop organizational cybersecurity strategy aligned with business needs and risks
• Partner with Engineering and IT to implement security practices and develop risk assessment skills
• Create application security policies aligned with standards like OWASP
• Review, analyze, and evolve security policies as business needs change
• Lead the Security Awareness Training program
• Lead security incident response
• Ensure regulatory compliance (GDPR, CCPA) in consultation with Legal
• Manage security service providers and risk assessment of vendors and sub-processors
• Support audit processes and business continuity strategy
• Provide regular security status updates to stakeholders

Experience and Skills

• 5+ years in IT/Security …