Information Security Architect - Forhyre
New York, NY 10001
About the Job
We are looking for a Lead Information Security Architect who will be responsible for developing and maintaining a comprehensive information security architecture program and representing information security requirements for all technology solutions and business processes covering multiple technical disciplines, such as systems & networking infrastructure, DevOps, security, business applications, cloud security, and data architecture. The role oversees cybersecurity for our company's digital products, including software, firmware or products that contain code. This includes implementing a product security program designed to address cybersecurity across all stages of the product life cycle. This role identifies and oversees the mitigation of technical and operational threats; analyzes the security, supportability, and feasibility of new technology; and ensures conformance with regulatory guidelines and industry best practices.
This position requires an extremely high level of analytical problem-solving skills to diagnose and resolve complex technical issues in addition to superlative process management and communication skills.
Note: U.S. citizens and those authorized to work in the U.S. are encouraged to apply. We are unable to sponsor at this time.
To be Successful in this Role
- Develop an architectural vision to support the continued growth of the product suite
- Working knowledge of Data Security Best Practices: At Rest, In Flight, In Use
- Experience with privacy-enhancing technologies and encryption techniques.
- Working knowledge of cloud security architecture strategies, frameworks, and reference models
- Proven ability to develop effective partnerships with senior management and peer organizations. Must be able to explain technical concepts and problems to nontechnical senior executives
- Ability to build Risk Models and analyze security weaknesses in complex technology deployments.
- Provide security expertise and direction on projects related to cloud architecture and design, implementation, maintenance, governance, and risk management
- Work with governance teams to establish automated processes and best practices for AWS, Azure IAM policies, roles, identity federation, etc.
- Conduct automated (preferred) or manual security validation of cloud templates and/or cloud infrastructure
- Collaborate with business units and corporate partners to ensure they build solutions consistent with the organization's policies, programs, architectural recommendations, and information security standards
- Develop, establish, enforce, and sustain the Information Security Architecture, including standards and guidelines for infrastructure solutions and technologies, integration methodologies and practices, development processes, hardware platforms, and enterprise data design.
- Partner with stakeholders in building and implementing a robust, scalable, and agile information security architecture
- Partner with stakeholders in assessing the IT application & infrastructure portfolios today and design and execute the future state strategy to meet business objectives going forward.
- Make recommendations on the strategic use of technology for leveraging business results and work with stakeholders to incorporate these recommendations into appropriate roadmaps and life cycle plans.
- Anticipate and ensure alignment with long-term business requirements, ensuring identified change is reflected in the appropriate roadmaps, providing thought leadership both internally and externally
- Minimize the number of architectural components and total cost of ownership while maintaining maximum of functional flexibility, reliability, and security.
- Must be able to balance the role of strategist with urgency while simultaneously managing and delivering results in a growing and fast-paced environment.
- Must demonstrate the ability to manage via influence and have the credibility and interpersonal skills to become respected as a thought leader. Must be capable of articulating pragmatic, sensible, and simple solutions while executing across multiple business and technical perspectives.
- Act as a role model for service mentality, building long-term relationships with key internal customers and stakeholders, while remaining receptive to the customer's needs
- Facilitate and steward the documenting of the architecture design and analysis work, including the capture and mapping of the relationships between architecture components.
You Will Have
- 8+ years’ experience dedicated to information security architecture required with expert knowledge in building defense in-depth reference architecture
- Required industry security certification (e.g., CISSP, CISM, CISA, CCSP, etc.)
- Familiarity with information management practices, system development life cycle management, IT services management, agile and lean methodologies, infrastructure, and operations.
- Knowledge of business ecosystems, SaaS, infrastructure as a service (IaaS), platform as a service (PaaS), SOA, APIs, open data, microservices, event-driven IT and predictive analytics.
- Hands-on experience with Cloud Technologies AWS, Azure & GCP
- Good understanding of security management solutions, including IDS, IPS, SIEM, Vulnerability Scanning, Denial of Service, and Continued Compliance
- Experience with attacks and mitigation methods, with experience working in two or more of the following: Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks
- Experience in managing and contributing to incident response
- Extensive experience in developing strategic information security plans, including the development of baseline security standards, information system hardening guides, and information security requirements documentation.
- Excellent analytical skills, organizational, time management, and problem-solving skills are essential.is work, including the capture and mapping of the relationships between architecture components.