EITS Security Architect
ZETTALOGIX INC · New York, NY · 2 wk ago
Information TechnologyContract
About the role
The EITS Security Architect will interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers and administrators in the IT organization.
Responsibilities
- Lead and coach on the definition of security architecture, including the development and implementation of effective security administration processes for all platforms.
- Actively engage in security architecture solutioning within key pre-implementation systems.
- Identify and implement emerging data access control technologies, information systems security issues, safeguards, and techniques.
- Perform security reviews and identify security gaps in security architecture, resulting in recommendations for inclusion into the risk mitigation strategy.
- Provide Security Architecture guidance to Senior EITS Management within XXXXXXXX and engage with multiple cross functional teams.
- Conduct application vulnerability scans, recognize vulnerabilities in security systems, and design countermeasures to identified security risks.
- Design security controls based on information assurance (IA) principles and tenets.
- Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
- Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
- Keep informed on current threats and industry regulations.
- Knowledgeable in infrastructure, application and security protocols in addition to configuration management techniques and risk management/compliance/audit standards.
- Deep knowledge of HIPAA/HITECH, NIST CSF, ISO27001/27002 and PCI-DSS Standards and Requirements.
- Knowledge of encryption algorithms.
- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
- Knowledge of network security architecture concepts, including topology, protocols, components, principles (e.g. application of defense-in-depth), and traffic flows across the network (e.g. TCP & TCP/IP, OSI, etc.).
- Experience working with network access, identity, and access management (e.g. Active Directory, access federation, multifactor authentication, PKI).
- Experience working with operating systems (Microsoft Windows, Linux, UNIX, MacOS X).
- Knowledge of security management and secure configuration management techniques.
- Knowledge of software engineering.
- Skill in assessing the robustness of security systems and designs and determining how it should work (including its resilience and dependability capabilities).
- Knowledge of IT supply chain security/risk management policies, requirements, and procedures.
Qualifications
- A bachelor's degree in information systems.
- CISSP, CISM, GSEC, CEH, or other relevant security qualification.
- A minimum of ten years of IT experience, with at least 7 years dedicated to IT/Cyber Security, including Solution Design.