Familiarity with a "controlled" IT environment (NIST - National Institute of Standards and Technology, ISO 27001 - International Organization for Standardization, PCI - Payment Card Industry, etc.) - direct experience with NIST preferred
Moderate PM skills needed. The projects will not be complex enough to require exceptional PM skills.
Experience in either TOGAF (The Open Group Architecture Framework) or COBIT (Control Objectives for Information and Related Technologies) EA practices, or having worked closely with such a practice
EA Evangelism: as an organization our EA maturity is low. The best candidate would be a solid communicator and an empathetic person who seeks to help those around them understand rather than expecting them to already know.
EA Capability: the development of EA standards will need to be led by someone who knows what those should look like for an organization in our current state and where we'd like to go (CMMC - Cybersecurity Maturity Model Certification), including how standards, principles and policies inform and relate to one another.
DevSecOps: experience putting repeatable processes in place for SSDLC (Secure Software Development Lifecycle) enablement is a nice-to-have
DevSecOps: preferred experience with GitHub, GitHub Advanced Security, GitHub Actions, Azure DevOps and Jenkins
DevSecOps: experience with SCA (Software Composition Analysis), secret scanning, SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing) and other security scanning practices applied to an SDLC