Job Description -
The Information Security Architect will report directly to the Director of Information Security and support the CISO to provide the highest quality of information assurance program to our business units and customers. This role will work closely with other members of the Information Security team, Information Technology, Enterprise Architecture, and Business Units and stakeholders.
Qualifications/Requirements:
- Experience with standard security tools: Firewalls, Intrusion Detection/Prevention Systems, Anti-Virus, Vulnerability Scanners, etc.
- Three (3) years in a system administration (e.g., Network, Windows) role
- Five or more years' experience in IT security
- Knowledge of security frameworks and controls (e.g., NIST, CIS, PCI, GLBA, NYDFS)
- Experience in working with compliance and regulatory program requirements
- Experience analyzing network, event and security logs, and/or IDS alert logs
- Proven project management and organizational skills, specifically managing multiple concurrent projects
- Excellent analytical, problem solving and decision making skills, applied with a solution-focused attitude
- Excellent written communication skills, demonstrating the ability to write with purpose, clarity, and accuracy
- Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism
- Excellent teamwork skills
- Four year degree in a relevant field preferred or an equivalent amount of post-secondary education and experience
- License / Certificate (any of the following a plus): CISSP, CISA, CEH, CSSLP, CHFI, CCSP, GCIH, GCIA, PMP, ITIL v3
Desired Skills & Experience/Key Responsibilities:
- Responsibility for the creation of key Information Security Intelligence, Security Analytics, Information Security Architecture, Risk and Privacy and/or Cloud Security assets to be used by the security practice
- Accountability for the development of strategic assets related to specific projects or offerings, as well as the related activities and financials management
- Participate on projects pre-sales activities and delivery
- Participate in infrastructure and application project teams providing consultation on information security designs
- Work on improvements for provided security services including the development of new tools and supporting assets
- Review and define requirements for information security solutions
- Limited travel possible but not regarded as a mobile role
- Collaboration responsibility with delivery team members; Technical and Process design and delivery responsibilities
- Research emerging technologies in support of security enhancement and development efforts
- Perform project leadership tasks on select security projects
- Perform other essential duties as assigned
Primary Responsibilities:
- Enhances security team accomplishments and competence by planning delivery of solutions, answering technical and procedural questions providing technical guidance.
- Secures enterprise information by determining security requirements; planning, implementing, and testing security systems, preparing security standards, policies, and procedures.
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Performs vulnerability assessment and risk analysis.
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards.
- Ensures that acquired or developed system(s) and architecture(s) are consistent with organization's cybersecurity architecture guidelines
- Works closely with Enterprise Architecture and Application Development to enhance the security posture of new and existing systems
- Participate in designated projects and business initiatives as the security subject matter expert.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Review business processes from security perspective and identify threats, risks, and solutions accordingly
- Continuously assess the state of the information security program using the Cybersecurity Framework (s) to identify gaps and works with appropriate stakeholders to remediate deficiencies
- Ensures systems and applications are implemented with compensating controls to meet regulatory requirements (GLBA, etc.) as well as other organizational compliance (PCI) requirements.
- Implements security systems by specifying intrusion detection methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures; creating, transmitting, and maintaining keys; providing technical support; completing documentation.
- Verifies security systems by developing and implementing test scripts.
- Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
- Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
- Prepares system security reports by collecting, analyzing, and summarizing data and trends.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhances department and organization reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.