Information Security Architect

Core Responsibilities

A day in the life of this role involves working with IT partners to understand current and new solutions, ensuring security controls are embedded, and discussing necessary improvements to IT products. The role also includes collaborating with team members on process improvements to ensure consistent delivery of security consulting. Weekly and potentially daily interactions with team members and the hiring manager are expected. The top priority for the worker over the first few weeks or months is to learn our internal systems and standards, begin shadowing existing team members to understand current processes, and transition to taking the lead on security consulting among IT teams. The biggest challenge in this role is learning the complex environment of Client and understanding who to work with across the business to gather the necessary information.

• Security Architecture Development and Maintenance: Assist Sr. and Principal Architects with the creation of security designs and frameworks for technology systems. Monitor security intelligence sources for emerging industry security technologies, technology issues, and regulatory issues. Provide oversight of new development efforts to ensure adherence to security policies, standards, and reference architectures. Actively participate in decision-making processes related to the adoption of new hardware and software technologies. Provide advisory services as needed to information security teams. Utilize planning and organization tools to develop project/action plans and meet deliverable deadlines as directed.
• Information Security Strategy: Assist Principal and Sr. Information Security Architects with the development of the annual Information Security Strategy. This includes strategy development, formalized roadmap documentation, and continued maintenance.
• Cyber Security Tooling and Processes: Possess intermediate knowledge of company Cyber Security Tools and affiliated operational processes. Utilize knowledge when advising to determine residual risk of identified threats or control weaknesses. Champion the use of Cyber Security Tooling through education and awareness of constituents.
• Regulatory Requirements and Control Frameworks: Have foundational knowledge of regulatory bodies and corresponding compliance requirements, including but not limited to PCI-DSS, SOX, GLBA, CCPA, GDPR. Possess intermediate knowledge of control frameworks, including but not limited to FFIEC Examination Handbooks, NIST 800-53, ISO 27001. Have advanced knowledge of Cyber Security Maturity Frameworks such as NIST-CSF and FFIEC Cyber Assessment Tool.
• General Information Technology: Have intermediate knowledge of IT tools and practices, including but not limited to Networking, LDAP Directories, Vulnerability/Patch Management, Change Management, Incident Management, Server and Desktop Management, Mainframe Technologies, Encryption and Key Management, Cloud Architecture and Computing, Software Application General Computing Controls, Business Continuity/Disaster Recovery, Software Development Lifecycle, Access Management, and Cyber Security Tooling.
• Human Relations: Ability to diffuse problematic situations and manage through conflict resolution. Utilize soft skills such as Selective Agreement, Reflective Listening, Voice Inflection, and Empathy. Ability to take complex concepts and break them down into layman's terms or analogies that help with others' understanding. Viewed as an enabling partner that provides options or information when saying no to business or IT requests. Seen by leadership and peers as credible, trustworthy, and respectful. Utilize subject matter expertise to guide and coach less experienced team members.

Essential Qualifications, Skills, and Technologies

• High School Diploma or equivalent experience in a related field.
• A minimum of 5-8 years of prior experience in a similar or related role (an equivalent combination of experience and education may be considered).
• At least 3 years of exposure to Amazon Web Services (AWS) and Microsoft Azure, with experience in architecting multi-cloud and/or hybrid-cloud environments.
• Must have experience working across multiple large-scale cloud providers, including AWS and Azure.
• Must be experienced in creating a strategic cybersecurity technology direction, aligning it with tactical activities, and communicating plans broadly across the organization.
• Experience in analyzing cybersecurity risks and architecting security solutions.
• Proven knowledge of cloud services and distributed system architecture.
• Create secure patterns to simplify secure application migrations to cloud environments.

Preferred (Nice-to-Have) Skills or Experience

• Bachelor's degree in Engineering, Computer Science, Information Security, or a related field.
• Familiarity or working knowledge of any scripting languages like JavaScript, Python, PowerShell, etc.
• Prior working experience in SRE, DevSecOps, or DevOps.
• Knowledge of standard continuous integration and continuous deployment (CI/CD) patterns and security configuration management.
• Proven skills in writing and creating standards documentation for architectures, solutions, and tools.
• An understanding of how application-layer vulnerabilities affect cloud infrastructure.
• Hands-on experience with some of the following technology: Cloud-native security tools (Azure Security Center, AWS Guard Duty).
• Industry-relevant certifications or training: Security-related certifications such as Certified Information Systems Security Professional (CISSP), AWS Certified Solutions Architect, Azure security certification, or equivalent experience.
• Previous experience with Cloud Security Posture Management Tools.
• Experience working with VM, containers, and their orchestration technology (Docker and Kubernetes).