Overview: The information security architect works closely with IT infrastructure to ensure security product solutions are deployed, and assesses and rolls up the metrics from the various analysis tools. S/he also manages overall compliance functions and ensures internal audits are done on a timely basis to validate the various security controls in place.
Ideal Candidate Profile: The candidate will have at least 5 years working experience in it security, with experience in use and adherence to a standards based security framework like ISO 27001:2013. strong hands-on experience in siem, managing Firewall and other log files to extract key data and metrics, knowledge of AD and SSO, and strong communication skills to not only work well with employees on a daily basis but roll results up to senior management.
Education and Experience:
- B.S. in Computer Science, EE, Information Technology, or related computer/security field of work
- CISSP preferred
Skills and Competencies:
- ISO 27001:2013
- Cyber Security
- Risk Assessment/Mitigation
- VPN/LAN/WAN/Intranet including endpoint security concepts
- SOC audit support
- Working experience with Active Directory, Firewalls, Routers preferred -- and capability to recommend automation options toward having a comprehensive security dashboard for senior management readouts
Role and Responsibilities
The Information Security Architect is responsible for all programs that make the client's infrastructure and personnel more secure:
- Familiarity with endpoint security techniques and products
- Working experience with a Security Incident Event Monitoring (SIEM) tool for creating metrics and dashboards for senior management
- Knowledge of security exposures (and mitigation options) at various layers of the OSI stack
- Plans security systems by evaluating network and security technologies; developing requirements for LANS, WANS, VPNs, Routers, Firewalls, and related security and network devices
- Experience in design of public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards
- Identify and explore opportunities to improve information security on mobile devices through software (MDM/EMM) and education
- Research and evaluate security technologies and related products
- Oversight of various audits (internal and external) for SOC 1 Type II and ISO 27001:2013, and capable of planning and executing (with team support from auditors) internal audits for key vulnerability areas
- Interface with user community to understand security needs and implements procedures to accommodate them. Ensure that user community understands and adheres to necessary procedures to maintain security.
- Identify and explore opportunities for Privacy and Security education and collaboration, particularly in key areas such as phishing
- Assist with education and training of internal business partners so they better understand the technology controls framework and their responsibilities within it.
- Maintain confidentiality and protect sensitive data at all times
- Maintain information classification standards through tools and user education
- Maintain and improve information security and assurance through innovation and research, keeping track of the threat Matrix and its application to the corporate profile
- Help formalize an Information Security Management System (ISMS) tracking all security incidents with remediation status maintained
- Execute periodic security assessments/audits partnering with internal or external organizations to cover: information security, infrastructure penetration tests, ethical hacking, process security assessment
- Assist with security and operational audits with clients; regulatory agencies; and industry leading security vendors
- Conduct data classification assessment and security audits and manage remediation plans
- Collaborate with IT management, Network Security, the legal department, and Internal Audit to manage security vulnerabilities
- Participate in the evaluation of vendor proposals, conduct process analysis, reviews information security architectures and recommend modifications to the information security operation to reduce costs or improve service
- Conduct security risk assessments for technology changes as part of change management process and for technology projects as part of PMO methodology.
- Under the guidance of the Information Security Officer, assist with enterprise-wide risk assessment processes on a yearly basis as part of company risk management standard
- Proactively identify gaps or conflicts in existing security processes and work to develop solutions.
- Maintain an awareness of existing and proposed security standard setting groups, State and Federal legislation and regulations pertaining to information security and identify regulatory changes that will affect information security policy, standards and procedures, and recommend appropriate changes
- Participate in cross-domain, cross-functional Matrix project teams to implement solutions in a highly collaborative manner
- Participate in the development and documentation of security policies and procedures
- Create and maintain project-related documents (security controls assessments/risk assessments)
Irving Texas, United States of America
1/20/2017 11:07:20 AM
About MCG - Midwest Consulting Group
TECHNOLOGY IS GROWING EVERYDAY, ARE YOU?Is your current position getting you where you want to go? Are you doing what you love to do? If not let us help. We will listen to you, help evaluate your...
We strongly recommend that you should never provide your bank account details to an advertiser during the job application process. Should you receive a request of this nature please contact support
giving the advertiser's name and job reference.