Security Architect
Location: Saint Paul, MN
Job Description:
Client is seeking a resource to conduct comprehensive audits of data systems, including infrastructure, policies and procedures, to assure:
- all data meets or exceeds federal Criminal Justice Information Services (CJIS) security guidelines;
- are Payment Card Industry (PCI) compliant; and
- meet or exceed current "best practices" regarding driver's license and motor vehicle data security; and to serve as a Local Agency Security Officer (LASO)
Responsibilities:
- Assist with evaluation of architecture interfacing with other state/federal/local systems.
- Assist with assessing the security of any equipment needed.
- Assist with the evaluation of data integrity and data security.
- Assist with ensuring all background check compliance is met for all project team members.
- Assist with creating procedures to ensure the proper access rights are granted.
- Assist in building User Acceptance Testing (UAT) scenarios to ensure security requirements are properly tested and documented.
- Assist with architecture reviews of all environments.
- Assist with the evaluation and testing of disaster recovery plans.
- Assist with the development of change management processes and procedure projects.
- Provide written documentation and recommendations.
- Review agency network diagrams and access control lists (ACL) for compliance with CJIS Security Policy and CJDN Security Policy.
- Audit identity and access management to assure they are properly managed and maintained for all systems utilized to access driver's license and motor vehicle registration data; and recommend remedial action when required.
- Audit the driver's license and motor vehicle systems for PCI compliance; and recommend remedial action when required.
- Work with agencies and other government entities to ensure driver and vehicle data is accessible for utilization for mission critical functions while maintaining all security requirements.
- Analyze security needs for all projects, systems, and systems that interface with
- Transition and train new security staff for duties including:
  - Deputy Registrar Security
  - Identity Access Management (IAM)
  - PCI Compliance
  - Policy Auditing
Security duties will include:
- Deputy Registrar Security
- IAM
- PCI Compliance
- Policy Auditing
- Physical Security of Facilities
- Fraud and Investigations
- ADLMV Management
- Technical Review/Architect
The LASO duties will include:
- Identify who is using the CSA approved hardware, software, and firmware and ensure no unauthorized individuals or processes have access to the same.
- Identify and document how the equipment is connected to the state system.
- Ensure that personnel security screening procedures are being followed as stated in FBI CJIS Security Policy and the JIS 5002 policy.
- Ensure the approved and appropriate security measures are in place and working as expected.
- Support policy compliance and ensure the CSA ISO is promptly informed of security incidents.
- Conduct an annual audit of CJIS compliance and track remediation efforts on any items found.
- Maintaining CJIS compliant network architecture
- Properly vetting all individuals with access to DVS physical and logical resources through the access control systems and best IAM practices
- Properly vetting all software and hardware vendors for CJIS compliance
- Working closely with client to utilize enterprise resources when possible and involving client on all technical projects
- Active involvement in all data access requests that may contain CJI to ensure CJI is protected accordingly
- Work through vendor agreements to ensure all security requirements are met or exceeded
- Reviewing client scans of DVS resources and monitoring identified vulnerabilities and remediation efforts.
Required Skills:
- Six (6) years' experience in a security architect or engineer role.
- Three (3) years' experience in network engineering, including firewall management.
- Four (4) or more engagements, within the last ten (10) years, in a security architect or engineer role where the engagement was longer than three months each.
- Three (3) years' experience in a CJIS and RealID security environment.
- Three (3) years' experience in and documented IT Security in law enforcement background.
- Experience with the design and implementation of information systems, in organizations with more than 50 people, with an emphasis on data, network, and infrastructure security.
- CJIS Certification completed and up-to-date.