- NIST Standards
Senior level technical advisor with superior expertise in IT Security and regulatory compliance. Guides and influences critical security architectural priorities.
Collaborates with the Enterprise Security Team, Application Security Teams, IT Architect-Infrastructure experts, IT leadership, and Operational Technology Architects (SCADA) to develop agreed-upon approaches to improving security controls and security posture.
Reviews applicable regulations; designs and provides guidance on the deployment of the architecture and processes necessary to achieve and maintain compliance.
Influences and evangelizes the Enterprise Security Strategy. Works with and influences key stakeholders at all levels (Managers, Directors, VPs, and Analyst to Senior Technical Staff) to drive architecture decisions to enable core business strategies in a secure and reliable fashion.
Identifies new technology which can enhance security. Informs and educates IT and the business regarding potential benefits and applications. Advises on selection of technology solutions in business operating units to ensure those solutions fulfill expected security controls and requirements.
Influences and establishes security controls roadmap to establish direction and requirements for operating units. Ensures alignment with corporate IT standards, architecture planning, and best practices for Enterprise Security.
Maintains expert knowledge of security technology spanning IT, both on-premises and cloud, including vendor products, infrastructure, application architectures and development methodologies.
Promotes security integration into business life cycle processes, with a particular focus on business and IT transformation.
Assesses and advises on cyber risk from the very tactical/technical to business strategic. Quantifies and expresses business risk/benefits based upon security architecture decisions.
Provides thoughtful leadership related to security with external stakeholders such as regulators.
Ability to engage and influence technical experts, as well as senior business executives.
Define information security controls and patterns that support risk assessments and support the development of secure architectures.
Contribute to the Security Architecture for both pre-production and production environments.
Collaborate with technology architecture teams by performing security analysis of proposed architectures, providing risk assessment feedback, including security requirements.
Provide security consulting services internally to the organization by giving security guidance and functioning as an information security subject matter professional.
Draft information security standards and baselines.
Interact with project teams to provide advice on security and assist with compensating control alternatives where security requirements cannot be met.
All other duties and projects as assigned.
Minimum of five years of progressive security architecture experience; preferably within a professional services firm or similar environment
Ideal candidates will have knowledge of and experience with Federal security regulations, standards and processes, including FISMA, FIPS, NIST and FedRAMP
Bachelor's degree from an accredited college or university; preferred certifications in CISSP, (ISC)² CCSP, CSA CCSK, and MCSE: Cloud Platform and Infrastructure, AWS Certified Solutions Architect
Technical experience with one or more of the following areas: identity management, Active Directory, intrusion detection/prevention, endpoint protection (Symantec, Bit9), cloud infrastructure (Azure, AWS)
Experience designing and implementing secure architecture and reference architectures: from business requirements gathering to technology rollout oversight, including capacity management, definition of scoring methodologies for technology selection, integration of multiple tools and reporting functionalities, technical documentation