The Security Architect provides strategic direction and day-to-day management of the company s security policies and compliance requirements. Responsibilities include the participation and execution to implement security measures that protect the company s assets. This role includes staying up to date on the latest intelligence and cyber attack methodologies.
Overall Responsibilities
Ensure the company has a secure architecture for authorization and authentication.
- Assist in fortifying business to business exchanges to ensure legal transactions and client communications are reliable and secure.
- Manage the preparation, execution and remediation of various security and risk assessments.
- Participate in compliance reviews and requests for mutually approved artifacts.
- Review and monitor company systems to verify established security baselines.
- Participate in the creation and testing of disaster recovery plans.
- Perform security incident reviews and recommend remediation action plans when required.
- Create and update incident response plans.
- Development of strategic, long term security architecture road map.
- Recommend and ensure proper implementation of new security solutions.
- Management of existing security tools.
- Create and monitor standardized internal processes to ensure security controls are consistent with overall security position of the company.
- Help ensure the security aspects of end user and equipment provisioning needs are enforced.
- Participate in education efforts of Company employees to include but not limited to: dangers related to viruses and malware, denial of service attacks, internet usage best practices, external actors, phishing, and threats from internal employees and employee turnover issues.
- Execute defined audit and compliance activities that address security, privacy and risk.
- Ensure all security risks are managed and communicated clearly and effectively.
- Monitor methods of physical data security such as the storage of backup media and propose/implement any changes where necessary.
- Address issues of data security storage, transmission and backup.
- Troubleshoot all network security and integrity issues.
- Advise company of current threats and issues via available resources that include governmental and law enforcement agencies.
- Ensure monitoring and alert notifications are implemented in accordance with the business needs.
- Recommend and review departmental policies to ensure the necessary security audits and tests are carried out prior to being introduced into production.
- Maintain working knowledge of various compliance needs and changes in various industries.
- Work effectively with cross-functional team to identify areas for improvement as well as efficiency gains and create and own execution plans to drive the improvements.
- Propose and lead improvements based on knowledge and practical application of security best practices, including but not limited to threat assessment, vulnerability prevention, compliance, and monitoring tools.
- Collaborate with audit, compliance, risk and IT team members.
- Identify and communicate to management the cause of all Security incidents, making recommendations as to how the specific incidents can be avoided in the future.
- Provide subject matter expertise and advise company s personnel of best practices.
Required Skills
- Proven ability to professionally handle confidential matters.
- High degree of initiative, dependability and ability to work with little supervision.
- Ability to set goals and prioritize tasks across working groups.
- Excellent knowledge of network architecture and troubleshooting skills.
- High attention to detail with strong planning, project management and organizational skills.
- Ability to design, implement and/or manage projects performed by staff or outside contractors.
- Demonstrate a passion for fast-paced technology and desire to continually build upon current skills.
- Desire to explore, learn and apply new technologies independently and provide subject matter expertise in all areas of responsibility.
- Ability to be on call 24x7x365 when need arises and participate in overall monitoring efforts.
Qualifications
- A bachelor s degree in Information Systems Management, Computer Science, Engineering or related discipline.
- Four to seven years of similar experiences
- One or more of the following certifications are desired: CISSP, CRISC, CSSLP, CEPT.
- Superior verbal and documentation skills.
- Working knowledge of various regulatory compliance standards such as ISO, NIST, HIPAA, HITECH, PCI.
Lead Security Analyst