6 days old

Information Security Architect

Herndon, VA 20171
  • Job Code
    581342
  • Payrate
    $88 To $88

Randstad Technologies is searching for a dynamic, experienced individual to lead our client's information security assessment and protection functions, shaping the future company blueprint for information security. The Information Security Architect position is responsible for the establishment of and assessment against Information Security architecture policies, standards and guidelines to ensure that systems are designed and built in a manner that minimizes security risk while ensuring business needs are met. The Security Architect will implement mechanisms to empower technology owners to easily locate and mitigate risk.


Are you ready to make a difference by:


Reporting to the Senior Director of Information Security, Audit and Compliance, in close partnership with security personnel and cross-functional teams, you will develop the guidelines, templates, and tools used to achieve desired risk levels and secure our client's data and intellectual property. You will provide deep technical expertise and leadership. You will be our customers' advocate and educate others on key security principles and requirements. You will be part of an experienced team of security professionals whose mission is to fanatically protect our Company and our customers' data.


Being a collaborative disrupter who works with a sense of urgency and an eye toward the future, understanding where the organization should be headed regarding information security, helping to build the framework to get there and partnering with key stakeholders to implement the vision. Ideal applicants are quick on their feet, love to take risks, and will constantly challenge assumptions. The Architect works with various areas of the business to collaborate on strategy, help design secure solutions, and build standards for how those solutions should be implemented and maintained in the future.


Providing expert guidance and security oversight for projects, technical architecture, vendor and product selection. The Architect will provide technical leadership to solution designers and delivery teams. The Security Architect will work with infrastructure and end-user support organizations on the execution of security strategic initiatives.


AS AN INFORMATION SECURITY ARCHITECT, YOU WILL...


Provide security architecture expertise in support of application and system development, infrastructure, and enterprise technology projects to ensure responsible risk management


Assess project requirements related to application, network and infrastructure security, including assessment against our client's security policy and standards, conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates


Provide support to Business Partners during RFP and contract processes. Perform security due diligence reviews of potential vendors as part of the RFP process and for regular third-party security risk assessments to ensure the company's data and systems are appropriately protected


Identify and document architectural and other security risks associated with the solution architecture, and mitigating controls where necessary


Develop, implement and continue to mature the security architecture policies, standards, practices and guidelines ensuring that they remain aligned with business objectives, meet regulatory and contract requirements and are updated to address changes to risk landscape


Define and maintain security architecture and roadmap based on ongoing research, evaluation work on next generation security technologies and understanding of best practices, marketplace, and emerging threats


Build relationships, and influence decision makers in technology groups and business units across the client to create, refine, deliver and evangelize information security standards that balance business and security priorities


Report on comprehensive cyber security risk score


Develop and own assessment tools, processes and practices in order to produce a meaningful and impactful set of metrics


Develop and own assessment tools that are easy to use and which apply industry best practices to highlight key risks


Maintain industry expertise by tracking and understanding emerging security practices and standards; participating in educational opportunities; and interfacing with the security community including thought-leaders, industry peers, customers, and auditors


Mentor technology teams and evangelize security practices to contribute to a collaborative and healthy learning environment


Provide mitigation strategies in the design and development of systems to ensure security risk is minimized, drawing on familiarity with the current threat environment and how these threats can exploit known vulnerabilities



Qualifications



  • 5+ years combined hands-on experience with information systems security, design, development, implementation and support
  • 3+ years of directly building and managing information security architecture and risk governance
  • BS in Computer Science or equivalent experience preferred
  • Industry certifications, such as CISSP, CISA, GSEC, etc.
  • Thorough understanding of risk management principles and processes
  • Experience leading security assessments of large, enterprise-wide systems
  • Experience creating security assessment tools, producing reports on organizational security posture, and developing company risk governance frameworks
  • Experience applying CIS, SOC2, PCI, and other control frameworks to identify security gaps and prioritize their remediation
  • Experience with hosted and cloud services, especially SaaS and PaaS, and the related security implications and control approaches


Key Competencies



  • Thorough knowledge and understanding of software technologies, as well as the methods used in performing risk analysis
  • Experience with common operating systems and server platforms (e.g. Windows, Linux, UNIX)
  • Knowledge of Networking, Virtualization, Storage and Cloud Technologies including but not limited to secure implementation of: local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), wireless networks (Wi-Fi), switches, routers, firewalls, wireless access points and related security and network devices; Hypervisors, VMs and VDIs; Storage Area Networks (SAN), Network Attached Storage (NAS), CIFS, SMB and relevant security and replication technologies
  • Excellent understanding of cloud security and experience with design and/or implementation of applications in the cloud; understanding of cloud deployment models: Private Cloud, Public Cloud, Hybrid Cloud; cloud service models: Infrastructure as a service (IaaS), Platform as a service (PaaS) and Software as a service (SaaS); implementation of relevant controls to ensure Confidentiality, Integrity and Availability of our client's data
  • Extensive knowledge of technical security controls and technologies (e.g. IDS, IPS, traditional, NextGen and Web Application Firewalls; Data Loss Prevention; Antivirus, Anti-malware and Zero Day technologies; Security Information and Event Management (SIEM); Access and Identity Management and Privileged User Management; Public Key Infrastructure and Certificate management)
  • Clear understanding of IAM workflows, tools and technology in the Identity and Access Management area
  • Ability to obtain a working knowledge of all areas of the organization and the ability to develop a clear understanding of the client's key functional processes and critical customer services
  • Communication skills - the ability to verbally communicate technology-related issues and security-related issues to every level of the organization (end-users, IT staff, managers, vendors, contractors, etc.). Written communication skills are also important for writing security-related policies, standards and awareness documents
  • Experience in policy/standard creation and acceptance
  • Ability to consistently categorize, measure, and prioritize security risks, express them in the language of the business unit to make them easily digestible by system owners, and assist in their mitigation
  • Expert collaborator who lives and believes an "options before obstacles" mindset
  • Strong understanding of security tenets, such as encryption/key management, network design, access control, incident containment
  • Knowledge of the intricacies related to NIST, HIPAA, SOX, PCI, or state privacy laws
  • Analytical and creative thinker, thorough and detail-orientated deliverer who works with a high sense of urgency
  • Can work independently with minimum direction and can manage own workload/commitment. Works efficiently and accurately in a fast-paced environment


If you or someone you know may be interested in being considered for this role, please reach out to [email protected] ASAP with your resume!

Categories

  • Information Technology

Randstad utilizes a technology-driven focus with a human touch to provide better staffing and business solutions to organizations around the world. Our team of experts match professionals with available career opportunities in a variety of fields.
