Information Security Architect
Employment Type: Full-Time
Role: Information Security Architect
Location: Washington, DC, USA
Duration: Full Time Permanent
The successful candidate must have detailed knowledge of security domains, with a specialty in endpoint, network, and application security and compliance. They must be team oriented and have strong leadership ability. The role is customer facing for all network, security and compliance requirements and is responsible for determining those requirements through planning, implementing, and testing security systems. The role reviews security standards, policies, and procedures as they pertain to changes in regulations and risk. It requires regular interaction with other teams to help integrate their business requirements into the planning and implementation of the security architecture. The candidate must be able to articulate their knowledge of security considerations both verbally and in writing, and has to work within budget and operational constraints to secure systems without destroying their efficiency.
Responsibilities
Key Technical Skills
- Co-ordinate to develop security strategic plans and roadmaps based on enterprise architecture best practices.
- Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
- Works closely with IS teams including but not limited to Architecture, Operations, Network, and Capacity Planning, to establish and operate solutions within the Information Security framework and to resolve security-impacting issues.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Good hands-on experience in managing security operations and security incident response, and in raising employee awareness of security issues and practices.
- Supports, refines and documents the methodologies, information security policies, standards processes, procedures and measurements used in support of information security as needed.
- Analyzes existing, new, and emerging technologies, and integration in security framework.
- Develop and maintain a comprehensive project plan (roadmap) that at a minimum identifies the tasks to be accomplished in the course of completing the requirements, defines project staff roles/responsibilities, and provides a detailed timeline for completion of tasks.
- Track all issues during the entire engagement, report out to the Customer and work towards resolving them in co-ordination with the Customer.
- Provide guidance to Tier 1/Tier 2 support on activities related to anti-malware, vulnerability management, and threat management.
- Develop an application security program, integrating automated testing tools (Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other technologies as necessary) into the overall SDLC process design; evaluate and identify gaps or missing security-related tasks and activities, and make recommendations.
- Periodic access reviews: ensure all personnel have access to the IT system limited by need and role.
- Vendor Management: review and assess third-party security risk, recommend mitigations, and follow up to closure.
- PCI-DSS readiness: prepare documentation for audit review using the updated templates.
- Promptly responding to all security incidents and providing thorough post-event analyses.
- Change Management: chair the change approval board (CAB), review and identify the risks of the changes submitted by the infrastructure team, and approve or reject them appropriately.
- Prepares security reports by collecting, analyzing, and summarizing data and trends.
- The effort for the role is broken down below:
- Strategize and design 15%
- Project Management 15%
- Security Operations / Incident Response 15%
- Vendor Management / PCI-DSS 10%
- Reporting 20%
- Team Management 15%
- Research 10%
- Experience in architecting, deploying and managing security tools, e.g. vulnerability management, access management, log management, threat intelligence, pen testing, DLP, automated code analysis, and anti-malware.
- Exposure to new and emerging technologies such as CASB, Cloud Proxy, MFA, and cloud automation and management tools.
- Familiarity with ITIL, ISO27001, OWASP, NIST/CIS best practices
- Familiarity with compliance requirements: PCI-DSS, HIPAA, General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA).
- Project Management and follow up skills.
- A degree in Information Technology, Computer Science or related field is highly desirable.
- Advanced security qualifications such as CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional) certifications.
- 7-10 years working experience of current IT risks, security implementations, and computer operating and software programs.
- Creates and maintains a working relationship with business units, Infrastructure teams and other teams.
- Strong leadership skills and the ability to work effectively with business managers, leadership, IT engineering and operations staff.
- Excellent written and verbal communication skills as well as business acumen and a commercial outlook
- Strong inter-personal, analytical thinking, presentation and communication skills essential
- Excellent positive customer relations skills
- Excellent organizational skills
- Excellent decision making skills
- Familiarity with ITIL process - Event/Incident/Problem/Change Management processes