Senior Information Security Architect

Job Summary As an advanced skillset position, the security architect provides expert guidance for addressing current security issues, but also the foresight to follow industry trends and proactively deliver optimal security solutions.

The DevSecOps Engineer is responsible for designing security-first solutions that protect business but allows the business to execute and innovate.

The DevSecOps Engineer works closely with many diverse and dynamic teams, including, but not limited to security engineering, DevOps teams, threat intelligence, security operations, security audit and compliance, security awareness, IT solutions, IT innovation, and end users including business leadership.

This position is also responsible for architecting solutions to secure business-to-business initiatives, third-party relationships, outsourced solutions, and vendors.

Participate in the development and implementation of the Cyber Security Strategic Plan.

Lead evaluation of and make recommendations for technical solutions to reduce risk.

Develop policies and procedures to maintain a secure computing environment.

Oversee data classification and protection of PII, PHI, and other regulated data.

Provide mentoring and training to more junior staff.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
• Remain current with new security threats and assess systems to ensure they can defend the business.

• Act as liaison between the business and technology from a security perspective.

• Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership.

• Research, validate and recommend solutions meeting security and business needs.

• Drive security efficiencies, enabling security team members to work on more advanced tasks.

• Work with management to identify sensitive and critical data, understand organizational security needs, and develop procedures to accommodate those needs.

• Assess existing system security controls and propose enhancements as necessary.

• Plan security systems through evaluating network and security technologies.

• Plan testing final security structures to ensure they behave as expected.

• Develop project timelines and post-event analyses / lessons learned.

• Design, document, and interpret IT Security architectures.

• Define and implement change controls.

• Perform all other related duties as assigned.

Job Qualifications
• Education: Bachelor’s degree (B.A./B.S.) or equivalent in computer science or related discipline.

• Experience: Minimum of 12 years related experience in IT, with 8 years in an information security system and network security engineering, audit, or compliance role, and 5 years in technology design, implementation, and delivery.

• An equivalent combination of education and experience may be accepted as a satisfactory substitute for the specific education and experience listed above.

• Certification/Licensure: IT security related certification highly desired (e.g., CISSP, CISA, GIAC, or similar professional certification).

• Other: Experience with one or more of the following: ISO 27001, NIST, PCI DSS, HITECH, GDPR, Service Organization Controls (SOC) 2 and industry IT Security best practices.

Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private and hybrid environments.

Able to handle moderate to complex problem resolution with minimal supervision.

Experience in risk assessment, audit, and IT security assessments.

Experience administering information security programs including risk assessments and forensic research, designing security architectures, developing policies, gathering metrics, and reporting status.

Experience architecting SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools.

Excellence in communicating business risk from cybersecurity issues