Position: Senior Information Security Architect
The Senior Information Security Architect is responsible for developing and maintaining the enterprise and customer-supported information security architecture. Additionally, this person will develop and enforce information security technology standards, roadmaps, and governance. The Security Architect collaborates within the information technology teams and throughout the business to develop and maintain technology roadmap components to optimize security architecture processes. The Senior Security Architect is expected to demonstrate leadership expertise to execute strategic direction as well as technical expertise in information security management, infrastructure architecture, and an extensive knowledge of NIST requirements and validation methodologies.
The role requires strong technical capabilities in security requirements analysis, security architecture, security operations and maintenance. The position also provides direct support for proposal development including technical design and working with application and infrastructure teams on key initiatives. Even though the position is for a Senior Information Security Architect, there will be opportunities and challenges outside the strict definition of the role, as needed.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), cloud infrastructure, virtual private networks (VPNs), routers, firewalls, and related security and network devices; designing public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Verification of delivered technical solutions against previously approved architecture specifications and change requests.
- Actively lead information security architecture & design using formal risk management methodologies.
- Responsible for supporting audit and certification from various regulatory agencies.
- Collaborate with information technology teams to implement and maintain information security roadmap components.
- Develop and enforce information security architecture standards (enterprise computing, Cloud, network, virtualization, etc.) and best practices as well as enterprise technology platform standards [operating system, database servers, application servers, application integration, virtualization, Cloud, etc.].
- Communicate to key stakeholders in the organization the risks associated with information assets and the opportunities presented by the security architecture.
- Maintain general awareness of developments in the information security marketplace including vendor strategies and report on their potential impact on and applicability to the organization.
- Assist business and technical analysts with the identification of threats to information security, appropriate mitigating controls and assessment of residual risks.
- Assist Developers, Solution Delivery Architects, and support engineers with the application of the security architecture and the design of secure information systems solutions.
- Develop and maintain architecture for IT security tools and services:
  - Anti-virus, endpoint protection and malware
  - Data loss prevention
  - Firewall and IDS/IPS
  - Security incident & event monitoring
  - File integrity and program change detection
  - Application vulnerability / network / OS scanner
  - Forensic tools, encryption (data at rest and in transit), VPN, and web proxies
- Excellent oral and written communication skills.
- Strong teamwork abilities, leadership, integrity, and relationship-building skills.
- Time management skills are a must, as well as the ability to be flexible and creative.
- Participates in IT Security assessments, risk analysis and reporting.
- Responds to requests for information on IT company policies, practices, guidelines and standards.
- The ability to conceptualize complex business and technical requirements into comprehensible models and templates.
- Ability to work well under minimal supervision.
- Coaching / mentoring junior staff.
- 7-10 years of progressive experience in Information Security Architecture & Design, application development and application security with a broad exposure to infrastructure/network and multiplatform environments.
- 8+ years of expertise in architecture and design of software security standards and procedures development, security education, application penetration testing, vulnerability assessments, risk analysis, management of gap remediation and compliance testing.
- Strong knowledge of Compliance and Regulations (ISO/NIST, COBIT, MARS-E, SSAE-16, HIPAA, FERPA, COPPA, Sarbanes-Oxley, and PCI-DSS).
- Strong knowledge of securing virtualized, Cloud, and Citrix architectures.
- Strong knowledge of securing BYOD environments (Mobile Device Management).
- Strong knowledge and experience of security-specific architecture and internet security.
- Strong knowledge and experience of enterprise class security tools and their capabilities, limitations etc.
- Strong knowledge of a variety of Operating Systems (e.g. Red Hat, Windows, macOS, Linux and UNIX).
- Professional security certification, such as a CISSP.
- Bachelor's or Master's Degree in computer science, information systems or other related field; or equivalent work experience.
This position will work with confidential and proprietary information that requires a signed Employee Non-Disclosure Agreement upon hire.