Objective Paradigm
http://www.oprecruiting.com
Cybersecurity Architect - REMOTE
Job Description
The Cybersecurity Architect plays an integral role in implementing the organization's security strategy, architecture, and practices by effectively translating security objectives and risk management strategies into specific security processes enabled by security technologies and services.
• Provides the necessary leadership and performs analysis / design tasks to support the implementation and optimization of security solutions.
• Has overall responsibility to ensure that solutions meet business needs and align with architectural governance and security standards.
• Advocates security requirements and objectives with stakeholders across network, infrastructure, app dev and operations domains, while also ensuring that security architecture and practices do not infringe on the needs of the business.
• Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers
• Develops and maintains security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations
• Drafts security procedures and standards to be reviewed and approved by executive management and/or formally authorized by the chief information security officer (CISO)
• Conducts or facilitates threat modeling of services and applications that tie to the risk and data associated with the service or application
• Coordinates with the DevOps teams to advocate secure coding practices and escalate concerns related to poor coding practices to the CISO or the individual responsible for the overall security direction
• Coordinates with the privacy officer to document data flows of sensitive information within the organization (e.g., PII or ePHI) and recommends controls to ensure this data is adequately secured (e.g., encryption, tokenization, etc.)
• Defines the principles, guidelines, standards, and solution patterns to ensure solution decisions are aligned with the enterprise's future-state security architecture vision.
• Facilitates the evaluation and selection of cybersecurity product standards and services.
• Identifies the organizational impact (for example, on skills, processes, structures, or culture) and financial impact of the security architecture.
• Liaises with the vendor management team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property, PII, ePHI, regulated or other protected data, including:
• Liaises with the internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls
QUALIFICATIONS/REQUIREMENTS:
• Bachelor's or Master’s degree in computer science, information systems, engineering, cybersecurity or a related field.
• Minimum of seven years of experience designing and implementing cybersecurity solutions in two or more domains, including server/storage infrastructure, networks, application development and data.
• Exposure to multiple, diverse technologies, platforms, and processing environments.
• Experience in using architecture methodologies such as SABSA, Zachman and TOGAF
• Direct, hands-on experience managing security infrastructure such as firewalls, IPSs, WAFs, endpoint protection, SIEM and log management technology
• Experience reviewing application code for security vulnerabilities
• Direct, hands-on experience using vulnerability management tools
• Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services
• Full-stack knowledge of IT infrastructure:
o Applications
o Databases
o Operating systems (Windows, UNIX and Linux)
o Hypervisors
o IP networks (WAN, LAN)
o Storage networks (Fibre Channel, iSCSI and NAS)
o Backup networks and media
• Strong working knowledge of IT service management (e.g., ITIL-related disciplines):
o Change management
o Configuration management
o Asset management
o Incident management
o Problem management
• Experience designing the deployment of applications and infrastructure into public cloud services (e.g., AWS or Microsoft Azure)
• Practical knowledge of widely used standards, regulations and cybersecurity frameworks such as NIST, ISO 27001 / 27002, SOC2, HIPAA, FISMA, etc. and key security controls.
• Excellent analytical, planning, organizational and technical skills.
• Excellent written and verbal communication skills.
SUCCESSFUL COMPETENCY FACTORS:
• Organizationally savvy, with the ability to navigate organizational politics.
• Skilled at influencing, guiding, and facilitating stakeholders and peers with decision making.
• Ability to articulate new ideas and concepts to technical and nontechnical audiences.
• Ability to synthesize facts, theories, trends, inferences, and key issues and/or themes in complex and variable situations. Recognizes abstract patterns and relationships among apparently unrelated entities and situations.
• Ability to understand the long-term ("big picture") and short-term perspectives of situations.
• Ability to translate future-state business capabilities and requirements into solution architecture requirements.
• Ability to work effectively with different types of scenarios and challenges. Ability to address tasks and projects for which no precedent exists in the organization.
• Ability to propose and estimate the financial impact of security architecture alternatives.
• Ability to work creatively and analytically to solve business problems and propose solutions.
• Ability to work effectively in a team environment and partner with cross-functional teams.
• Ability to quickly comprehend the functions and capabilities of new technologies.
This role is to be filled outside the state of Colorado.