As a senior member of Information Security team this enterprise-wide role is integral in defining and assessing the organization’s security strategy, architecture and practices. The enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services, evaluate and incorporate emerging technologies and evaluate changes to the threat landscapes. Interacts with senior leaders across the enterprise and acts as a trusted senior advisor.
- Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
- Develop security strategy plans and roadmaps based on sound enterprise architecture practices
- Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
- Track developments and changes in the digital business and threat environments to ensure that they’re adequately addressed in security strategy plans and architecture artifacts
- Participate in application and infrastructure projects to provide security-planning advice
- Assist in the development of security technology standards and patterns that will be utilized within the environment
- Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems.
- Review network segmentation to ensure least privilege for network access
- Liaise with the Third Party Risk Management (TPRM) team to conduct security assessments of existing and prospective vendors
- Liaise with the IT Security GRC team to review and evaluate the design and operational effectiveness of security-related controls
- Support the testing and validation of internal security controls
- Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics.
- A minimum of 7-10 years of experience in a related field or equivalent experience in the industry.
- Strong oral and presentation skills
- In-depth knowledge of cybersecurity frameworks including but not limited to NIST CF, HITRUST CSF, ISO 27001
- Strong knowledge of laws and regulations including but not limited to PCI DSS, HIPAA-HITECH
- Experience in using architecture methodologies such as SABSA, Zachman, or TOGAF
- Direct, hands-on experience or strong working knowledge of managing security infrastructure e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (>NAFs), endpoint protection, SIEM and log management technology
- Strong working knowledge of vulnerability management practices and tool
- Direct experience designing 1AM technologies and services such as AD,
- LDAP, and/or AWS 1AM
- Strong working knowledge of IT service management- lTIL related services
- Change management, Configuration management, Asset management, · Incident management, Problem management, etc.
- Experience designing and securing applications and infrastructures in cloud environments such as AWS and/or Azure
- Bachelor’s degree in Computer Science or related field or equivalent experience required
- Multiple certifications preferred