Information Security Architect
Concora Credit · Beaverton, OR · Yesterday
Information TechnologyFull-time
Responsibilities
- Be a trusted advisor for Application Development and Shared Services initiatives by providing objective, practical, and relevant ideas, insights, and advice.
- Function with an enterprise lens in applying security practices across the environment.
- Establish architecture principles, standards, and best practices for the security of our infrastructure, identity, data, application development, and partner integrations, and integrate these into our Enterprise Architecture practices.
- Collaborate closely with developers, architects, and engineers on how to enable effective security solutions for the organization at ‘the ground level’ so solutions can scale effectively.
- Perform security assessments and engineering analysis for complex, multi-platform systems and services.
- Lead the performance of application security reviews.
- Assess the architecture and security designs and capabilities of potential products, strategic partnerships, and vendors.
- Develop and present metrics that represent the efficacy of the practices and controls in place.
- Maintain a relevant skillset and expertise in information security technologies and practices.
- Perform other duties as assigned.
Qualifications
- 5-8 years of broad security experience as a practitioner within IT organizations.
- Bachelor’s degree, applicable certification, or equivalent experience.
- A future-focused mindset considering where the organization is today, knowing what’s coming in the technology landscape, understanding what that means for security, and building a course to ensure we don’t get there late.
- Understand all facets of information technology lifecycles, from scoping to delivery and operations, and the ability to see and communicate the role information security plays in every stage.
- Background in bringing a variety of stakeholders together to achieve specific security outcomes.
- Broad background working directly with all levels of security controls.
- Extensive experience with one or more regulatory frameworks associated with information technology (e.g., PCI, GLBA, HIPAA, SOX, etc).
- Strong written and verbal communication skills, including the ability to discuss technical topics with a non-technical audience.
- Able to partner with technology subject matter experts (SMEs) to define and formalize security policies and practices in collaboration with the teams most impacted to reach secure and functional outcomes.
- Able to develop security architecture standards, frameworks, guidelines, and design patterns spanning all layers of security from host, server, and network to application and data security.
- Identify opportunities for security tooling and automation with the goal of translating security standards into policy-as-code and infrastructure-as-code that is secure by default.
- Experience in evaluating security controls from a value and return on investment perspective.
- Preferred Expertise in security architecture for cloud/hybrid systems and application development.
- CISSP, CISM , and related security certifications strongly preferred.
- Working knowledge of Cloud-based Identity and Access management (IAM), including Single Sign On, MFA, identity providers, and frameworks. (FIDO, SAML, OAuth, OIDC).