Do you enjoy influencing others, working in a participative, empowered environment where you are continually learning and being challenged by the work that you do? If so, this may be the job for you! The Senior Architect, Information Security is primarily responsible for shaping security innovation and playing a key role in the evolution of NASCO’s Enterprise Architecture and Security functions. You will provide thought leadership and architecture guidance across a wide range of technologies and business initiatives.
You will establish Information Security Standards, Technologies, Patterns, Reference Architectures and Best Practices and ensure their adoption across all Product and Corporate solutions. This includes advising and guiding the business and delivery teams in the planning, design, and implementation of all solutions. You will report to the Executive Director, Architecture and work as part of a matrixed IT organization to help bridge the gaps between Business Leadership, Risk Management, and IT Delivery in terms of Information Security Architecture and Technology.
Essential Roles and Responsibilities
- Develops Security architecture strategies for NASCO in the form of standards, frameworks, and guidelines, with the emphasis on Infrastructure security
- Serves as primary information security interface to collaborate with business representatives, systems development and business users for establishing business requirements, information security functional requirements, security solution options and implementation plans.
- Advises and contributes to strategies and initiatives to strengthen NASCO’s Security Program which is identified as part of NASCO’s Information Security Practice or HITRUST corporate compliance
- Provides security controls, processes, and technical advisory support to business units and projects by working cross-functionally to develop and implement strategies that balance security recommendations with business needs.
- Works with the Information Security Director and others to develop a run book for the CTO’s organization to enable safe and rapid responses to reported vulnerability disclosures
- Provides mentoring and technical leadership to the Information Security team
- Acts as Subject Matter Expert and provides third-level support and analysis during and after security events
- Performs other duties as assigned by manager.
- Assists CISO and Director, Security Operations with information security vendor assessments, security attestations, re-certifications, audits, risk assessments, testing coordination, or investigations, as required.
Required Knowledge, Skills, Abilities, and Experience
- Minimum 5 – 8 years of experience in an enterprise security architecture role
- Minimum 10 years of IT infrastructure architecture and/or operations experience
- Minimum 4 – 5 years of experience in Large Scale System design (ERP, Custom, etc.) and implementation.
- At least 3 years of experience with commercial and open source security applications and technologies (e.g. malware prevention, DLP, IDS/IDP, cryptography, vulnerability scanning and penetration testing), as well as related protocols and tools (e.g. SSH, SSL/TLS, snort, port scanners, rootkit detectors, etc.)
- At least 3 years of experience performing network and application security penetration testing and/or threat assessments
- Understanding of HITRUST framework.
- Broad-based knowledge of information security processes and technologies such as: business process design, risk assessment, minimum baseline security controls (*nix, Windows, network protocols, common services), data classification and management, security monitoring and log analysis, incident management, network protocols, application and database architectures, SDLC, system planning and integration, and security metrics.
- Working knowledge of technologies such as operating systems, directory services, and network protocols.
- Knowledge of database applications, spreadsheet design, and report writing software.
- Advanced written and verbal communications skills.
- Ability to accomplish service goals, objectives and metrics consistent with Information Security Department strategic plans and business service level agreements.
- Ability to resolve business security conflicts taking into consideration policy, risk and business needs.
- Ability to perform trade-off and risk analysis and, if necessary, process and manage exceptions to achieve business needs.
Required Training and Education
- Bachelor’s degree in computer science, information systems, engineering, or a related field
Desired Training and Education
- Master’s degree in computer science, information systems, engineering, business administration or a related field
- Certifications preferred: CISSP, CCNA, CCENT, CCNP, GSEC, MCSA, CISM
- SSL/TLS: 3 years
- Security Architecture: 10 years
- Security Strategy: 10 years
- Penetration Testing and Threat Assessments: 3 years
- SSH: 3 years
- Cryptography: 5 years
- HITRUST Framework: 10 years
- Network Security: 10 years
- Commercial and open source security: 3 years
Required licenses or certifications
- Ability to work in the U.S. without sponsorship
If you or someone you know is interested in applying for this position, please submit your PDF resume, along with name, email address, phone number and LinkedIn profile URL (if you have one) via email. Include post # in subject line.