The Information Security Architect is responsible for the definition and evolution of security controls in support of the data confidentiality, integrity and availability objectives of the company’s global Information Security Management System (ISMS). This is a key role in the identification of potential attack vectors, risks related to people, processes and technology, and reduction of the company’s security risk profile. The successful candidate will liaise with and advise various teams including those responsible for network architecture, systems deployments and application configuration.
Essential Job Responsibilities
- Analyze information security systems and applications to develop recommendations for security measures to protect information against unauthorized access, modification or loss.
- Utilize industry standard frameworks to evolve the information security management system.
- Participate in risk assessment activities, identifying emerging threats and control capabilities.
- Lead design of data security criteria and security operations processes of systems implementation projects in support of organizational security and compliance objectives.
- Assist with documentation of standardized operating procedures in support of and alignment with organizational security policies.
- Maintain an understanding of business processes and application security capabilities to coordinate complementary control sets.
- Coordinate with operations teams and systems to proactively hunt for instances of suspicious and unauthorized events as inputs into control definitions.
- Participate in regular internal and external compliance audits.
- Work with business continuity teams to ensure that information security controls are used effectively throughout the complete life cycle of business continuity (BC) and disaster recovery (DR) situations.
- Coordinate with product architecture and product security teams in forecasting, planning and risk assessment relevant to expanding security control coverage in alignment with the company’s technology strategy.
- Maintain and apply current industry knowledge and best practices. Research and recommend use of new technologies.
- Project management including analysis of business requirements, creating and updating project plans, and tracking projects to successful completion.
- Strict adherence to defined standards and controls including change management policies.
- Mentoring and cross-training of junior team members.
- Bachelor's Degree in Computer Science, or a related field of study.
- 10 years of experience in technology support including management of network security.
- 3 years of experience in systems design.
- Current CISSP certification is required.
- Additional security certifications preferred with demonstrated focus on continuing education.
- Strong documentation and communication skills.
- Strong understanding of security standards and frameworks including ISO27001, SOC audits, and security requirements of Data Privacy laws.
- Strong understanding of server and networking infrastructure, including software-defined networking, network firewalls and web application firewalls.
- Technical experience designing controls within cloud topologies including SaaS, PaaS, IaaS delivery.
- Experience designing and implementing identity management and privileged access management architectures.
All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.