Sr. IT Security Architect (Remote)
Norwood, NJ 07647 US
- Perform security architecture design reviews on a wide range of initiatives or projects. Develop or critique existing designs to verify proper security control application, and ensure conformance with Crestron security policies/standards and control requirements.
- Develop, document, and refine new and existing technical security standards; drive the implementation of solid technical security principles across the organization to achieve the strategic goals or objectives of the security program.
- Design, assess, document, and approve technical security architecture designs for new and existing applications/systems, hosted on-premise or in the cloud, to ensure security by design and default.
- Keep a watchful eye on the threat landscape and design and incorporate security architecture elements to mitigate new or emerging threats to new or high-value existing applications/systems.
- Partner with other IT Security teams to provide technical security control expertise, guidance, and best practices to other IT groups and, as needed, the broader Crestron business.
- Collaborate with Enterprise Architects, Cloud Architects, Data Architects, and other SMEs on proposed designs. Be an untiring advocate for the need for security.
- Lead and facilitate the evaluation and selection of security technologies and design configurations/implementations for security solutions.
- Identify security design gaps in existing architectures and recommend changes or enhancements to minimize security risk.
- Assist with developing and refining Crestron’s Information Security program roadmap.
- Minimum of 7 years experience in information security architecture or engineering.
- Bachelor's or Master's degree in Computer Science. A degree focused on cybersecurity or a closely related area of IT is a strong plus.
- Professional information security certifications such as the CISSP-ISSAP or Microsoft Cybersecurity Architect is a strong plus.
- Deep technical knowledge across several security domains such as Application Security, Cloud Security, Data Security, Infrastructure Security, Identity and Access Management, and Network Security.
- Must have experience and strong knowledge of security controls for both legacy on-premise infrastructure and cloud-based computing services.
- Strong knowledge of common information security frameworks, including CIS Top 18 Controls, ISO 27001, and NIST 800-53 Series.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to both technical and non-technical audiences.
- Strong leadership, project, and mentoring skills, including the ability communicate security principles to business and IT stakeholders in a relatable way.
- Ability to lead cross-functional, interdisciplinary teams to design architecture that minimizes information security risks.