Security Architect

Parsippany, NJ 07054

Posted: 03/03/2020
Employment Type: Contract To Hire
Job Number: 439

Job Description


SUMMARY

The Security Architect is a key security role that requires an individual with a strong technical background, as well as an ability to work with the IT organization to align priorities and plans with key business objectives. The Security Architect will act as a representative of the security team during IT planning initiatives to ensure that security measures are incorporated into IT plans and that service expectations are clearly defined. The Security Architect will also be responsible for working with business and IT stakeholders to balance real-world risks with business drivers such as speed, agility, flexibility and performance.

 

Participating in project teams and developing security projects is essential for success in this role. In addition to supporting the security policies and strategies, the Security Architect must be able to balance operational tasks with longer-term strategic security efforts. Other project management tasks will include task prioritizing and project reporting. Vendor relationship management — ensuring that service levels and vendor obligations are met — is also a very important aspect of the position.

 

Documentation and presentation skills, analytical and critical thinking skills, and the ability to identify needs and take initiative are key requirements of the position.

 

 

ESSENTIAL DUTIES

 

The Security Architect will report to the Manager of Security Architecture.

 

Responsibilities:

The Security Architect’s job is composed of a variety of activities, including very tactical, operational, and strategic activities in support of the security program initiatives, such as:

Security Program Development
  • Work with the Security team to develop a security program and security projects that address identified risks and business security requirements.
  • Work with security leadership to develop budget projections based on short- and long-term goals and objectives.
  • Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
  • As needed, assist the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
  • Support security communication, awareness and training for audiences, which may range from senior leaders to field staff.
  • Work with security leadership, IT, and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.
  • Become a transformative force for agility and ITIL processes in the security team.

 

Architecture/Engineering Development and Support:
  • Develop, train, and maintain a Secure Coding best practices program including code scanning tools.
  • Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical expertise for the administration of security tools.
  • Work with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
  • Engage in security projects and provide expert guidance on security matters for other IT projects.
  • Coordinate penetration testing engagements.

 

Operational Support:
  • Support and share a knowledge-base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
  • Support, as needed, the Information Security team’s operations group in developing new solutions and risk remediation strategies.

 

Incident Response and Threat Management:
  • As needed, support threat analysis and security incident forensics.

 

Security Liaison:
  • Assist security personnel, resource owners, and IT staff in understanding and responding to security assessment gaps reported by auditors.
  • Assist in production issues and incidents, and participate in problem and change management forums.
  • Serve as an active participant in the information security governance process.

 

LEVEL BASED COMPETENCIES:

Level Based Competencies are to be designated based on job level and content.
  • Good leadership skills and the ability to work effectively with business Senior Managers, IT engineering and IT operations staff.
  • The ability to interact with personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
  • A good understanding of the business impact of security tools, technologies and policies.
  • Excellent leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
  • Good verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
  • Experience working with legal, audit and compliance staff.
  • Experience developing and maintaining policies, procedures, standards and guidelines.
  • Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks.
  • Familiarity with applicable legal and regulatory requirements, including, but not limited to, the U.S. Sarbanes-Oxley Act, the General Data Protection Regulation, California Consumer Privacy Act, etc.
  • Strong proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
  • Knowledge of and expertise in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Excellent analytical skills to analyze security requirements and relate them to appropriate security controls.
  • An advanced understanding of operating system internals and network protocols.
  • Familiarity with the principles of cryptography and cryptanalysis.
  • Experience in application technology security testing (white box, black box and code review).
  • Experience in system technology security testing (vulnerability scanning and penetration testing).

 

Education/Experience
  • A minimum of 10 years of IT experience, with seven years in an information security role.
  • A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
  • CISSP, CISM, or other equivalent Information Security certifications.

 

Technical knowledge/skills (entry, intermediate, advanced)

 
  • Intermediate knowledge of the following technologies
    • Secure Application Development Methodologies and Toolsets
    • Web Filtering Proxy Technology
    • Data Loss Prevention
    • Security Log Management
    • Security Event Correlation
    • Endpoint Protection Technologies
  • Knowledge of and expertise in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Knowledge of and expertise in developing and documenting secure coding best practices.

Meet Your Recruiter

Jason Destro

Over 20 years of recruiting experience with hands-on recruiting and placement of I.T. professionals (Full Time, Temp 2 Perm, & Contingent) in the NJ/NY/CT/PA marketplace for a wide variety of today's demanding IT skill sets. Focused on delivering exceptional service by understanding clients’ objectives and goals.
