Sr. Security Architect

Description:

**Remote

The Solutions Security Architect is responsible for leading the development of information security architecture with focus on application security and ensuring technology initiatives are implemented within the guidelines of industry frameworks in order to maintain and improve our environments security posture. They will be accountable for strategic planning, architecture, and securing enterprise information by identifying network and application security requirements, implementing and testing security controls and procedures.

• The primary areas of focus for the Solutions Security Architect are to advise the Chief Information Security Officer in developing risk management strategies and multi-year implementation and remediation programs based on business priorities and risks to address cyber Security, cyber defense and the needs of the enterprise.
• To meet these requirements the successful candidate must be knowledgeable about how security architecture fits into the broader security program and understand the security concepts outlined by the National Institute of Standards and Technology (NIST). The successful candidate will adapt and leverage both policy and system security technology stack to reduce new or existing risk and assist the team as we work to bolster our security posture.

Key Responsibilities:

• Define information security strategies, including guiding principles and future vision, ensuring that the strategic objectives are aligned with business goals.
• Develop and implement security policies and standards in alignment with industry best practices, regulations, and emerging security technologies.
• Collaborate with internal and external stakeholders, including IT teams, vendors, and departments

to ensure that security measures are integrated into all technology solutions.

• Provide technical guidance and expertise to IT teams and other stakeholders on security-related issues primarily in the application space.
• Work closely with customer stakeholders to identify and mitigate risks, perform security reviews, design top tier security practices, and deliver strategic, innovative cloud-based security offerings.
• Stay up to date on the latest security threats, trends, and technologies, and recommend solutions to mitigate risks.
• Engage in a variety of solutioning sessions which include key subject matter experts, these sessions are designed to quickly produce secure and viable solutions to critical business use-cases.

Knowledge, Skills, and Abilities Required:

• Expertise in conducting product research to make informed information security assessments.
• Expertise in application security
• Expertise in the assessment of System Security Plans and Third-Party Audit documents such as reports to develop information security position reports.
• Expertise in identifying risk as it relates to policy, the state of its environment and Defense in Depth.
• Ability to coordinate with other subject matter experts to develop a concise position on IT products and services from an information security perspective.
• Ability to develop reports pertaining to vendor provided IT products and services.
• Ability to document procedures and diagrams related to security architecture.
• Ability to conduct research, analyze, and communicate the security and regulatory impact of risk to executive level management in a concise manner.
• Familiarity with Cloud and Network Security concepts and tools.
• Familiarity with information security system standards and certifications such as ISO-27000 family and FedRAMP.
• Familiarity in risk assessment processes for information technology systems as outlined in NIST Publications.
• Familiarity with information security controls outlined in NIST Special Publication 800-53.
• Familiarity with security compliance to federal audit requirements for different data types (e.g., Federal Tax Information, Criminal Justice Information, Social Security Information, Affordable Care Act Information).
• A high level of attention to detail reviewing complex documents related to information security.

Required / Desired Skills

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field. (Required 4 Years)
  
• In-depth knowledge of security principles and practices, including risk assessment and management, security architecture, compliance, and security testing. (Required 5 Years)
  
• Experience with security technologies, including firewalls, intrusion detection and prevention systems, vulnerability scanners, and endpoint security solutions. (Required 5 Years)
  
• Knowledge of industry standards and regulations, such as NIST, CIS, HIPAA, and FISMA. (Required 5 Years)
  
• Application Security (Required 5 Years)
  
• Security Architecture (Required 5 Years)
  
• Strong Communications - Oral and Written (Required 5 Years)
  
• Professional security certifications, such as CISSP, CISM, or CISA, are highly desirable. (Desired 2 Years)