Information Security Architect

Job Summary:

The Information Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices for application design, development, and deployment. The security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

Essential Duties and Responsibilities:

• Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers.
• Develops security strategy plans and roadmaps based on sound enterprise architecture practices for all environments including cloud and on-premises infrastructure.
• Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
• Assists in defining baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM).
• Ensuring applications are deployed with the appropriate level of data encryption based on the organization's data classification criteria.
• Documents and addresses organization's information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition life cycle.
• Establishes security review processes and standards.
• Performs security reviews, identifies gaps in security architecture, and develops a security risk management plan.
• Stays up to date on the latest security technologies, trends, and best practices.
• Validates IT infrastructure and configuration for security best practices and recommend changes to enhance security and reduce risks including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems.
• Coordinates with DevOps teams to advocate secure coding practices.
• Reviews network segmentation to ensure least privilege for network access.
• Reviews security technologies, tools, and services, and makes recommendations to the broader security team for their use, based on security, financial and operational metrics.
• Defines and documents how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment. 
• Liaises with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data for third party providers.
• Evaluates the statements of work (SOWs) for these providers to ensure that adequate security protections are in place. Assesses the providers' audit reports or survey results for security-related deficiencies.
• Coordinates with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems.
• Participates in application and infrastructure projects to provide security design best practices.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or a related IT field required. Master's Degree preferred. 
• 5-8 years of Cybersecurity or Architecture required. 
• Preferred Certifications: ISC2 CISSP, COMPTIA Security+, CompTIA Advanced Security Personnel (CASP+), Certified Ethical Hacker (CEH), Certificate of Cloud Security Knowledge (CCSK), or other relevant information security certifications.

Skills and Abilities: 

• Written and verbal communication skills and presentation skills. Ability to communicate with internal and external customers on issues of moderate to considerable importance, up to and including senior management.
• Analytical skills with an ability to independently evaluate and develop innovative solutions to complex situations.
• Possesses flexibility to work in a fast paced, dynamic environment.
• Negotiation skills. Ability to defend position strongly while keenly aware of the need to maximize benefits for all sides.
• Demonstrated problem solving skills.
• Demonstrated time management and priority setting skills.
• Continuous improvement mindset
• Ability to apply process improvement planning and checking to own work output and to assist others with identifying gaps in work results
• Proficiency in Microsoft Office products such as Word, Excel and PowerPoint

Benefits Summary:

• Health, Dental, Vision, Prescription Drug plans 
• Life and Accidental Death & Dismemberment Insurance 
• Flexible Spending Account 
• Employee Assistance Program 
• 401K with 4% company match 
• Bonus Program 
• Wellness Program 
• Onsite Fitness Center (vary by location)
• Tuition Reimbursement 
• Career Development and Ongoing Training 
• Paid holidays and vacation  
• Cafeteria and food markets (vary by location) 
• Volunteer opportunities 
• Employee recognition (employee and milestone events) 

Salary Range: $115,000-$145,000

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Standard ADA Selection: Office Environment
  • Visual requirements include color, depth perception and field of vision. Physical requirements include standing, walking, pushing, pulling, lifting, fingering, talking, hearing and repetitive motions. The work environment for this position is typically indoors in a pleasant, well-lighted area with comfortable temperatures and a controlled environment with no significant amounts of dust, fumes or odors. Unavoidable accidents and health hazards are unlikely.