Information Security Architect
En
Information Security Architect
The Information Security Architect is responsible for developing architectural approaches and solutions to ensure the confidentiality, integrity, and availability of the bank's systems and data while aligning business strategy and IT security.
Major functions:
Develop, implement, and maintain the Enterprise Information Security Reference Architecture framework to ensure the alignment of business strategy and IT security.
Participate in the Systems Development Life Cycle as a security liaison, ensuring secure software, host and network designs that protect corporate information confidentiality, integrity, and availability.
Build security design, development, and testing strategies.
Develop security technology roadmaps.
Analyze current state of the information security architecture, perform gap analysis, and develop interim steps to remediate gaps and achieve the desired state.
Conduct risk assessments on enterprise initiatives and provide results and recommendations.
Work with technology teams to ensure secure build and configuration standards are in place and are being followed.
Develop and enforce security policies, standards, procedures, and guidelines.
Assists in performing due diligence of vendors involved in project development to ensure any information security inadequacies are identified and addressed.
Follows up with vendors to ensure any identified discrepancies have been resolved.
Performs periodic reviews of vendors and takes corrective action as necessary.
Manage information security aspects of IT projects, ensuring security protocols are in place and compliance with other applicable information security policies.
Analyzes project plans to determine security requirements and follows up to ensure security of new systems.
Assists senior staff in supporting internal audit and external regulators with compliance issues and investigations.
Provides supporting documentation for information security processes and procedures.
Mentors less experienced staff in information security processes and procedures as well as information technology infrastructure and associated information security problems and vulnerabilities.
Assists in the execution of changes in response to regulatory changes affecting information security. Follows up on developed compliance plans to ensure completion.
Maintains current and in-depth knowledge of information security and technology environment, proactively pursuing knowledge of new and developing technologies.
Must adhere to pertinent laws, regulations, the organization's compliance policy and external compliance requirements.
Education/Experience/Licenses etc.:
Bachelor's degree in Computer Science, Information Systems Engineering, related field, or equivalent experience required.
Minimum of 10 years experience developing security architectures and solutions consistent with Information Security policies, standards, and strategy.
Professional security accreditation such as CISSP, CISM, etc. required.
Strong working knowledge of CoBIT and ITIL frameworks.
Demonstrated experience assessing risk and developing security controls at a business-appropriate level
Experience in hands-on technical security control assessment, architecture and design, information security solution engineering, security technology implementation, and security service delivery role, including in-depth hands-on experience in complex heterogeneous enterprise environments.
Experience with inner workings and security aspects of a variety of operating systems, application servers, web servers, media/content servers, messaging servers, database servers, integration servers, etc.
Excellent oral and written communication skills to articulate ideas and concepts.
Strong analytical, evaluative, and problem-solving abilities.
Demonstrated project management skills including ability to coordinate efforts of others and influence decision making processes without explicit authority.
Demonstrated experience in implementing and enforcing security policies, procedures and regulatory requirements and ability to interpret and administer security policy documents
Estimated Salary: $20 to $28 per hour based on qualifications.
Information Security Architect
The Information Security Architect is responsible for developing architectural approaches and solutions to ensure the confidentiality, integrity, and availability of the bank's systems and data while aligning business strategy and IT security.
Major functions:
Develop, implement, and maintain the Enterprise Information Security Reference Architecture framework to ensure the alignment of business strategy and IT security.
Participate in the Systems Development Life Cycle as a security liaison, ensuring secure software, host and network designs that protect corporate information confidentiality, integrity, and availability.
Build security design, development, and testing strategies.
Develop security technology roadmaps.
Analyze current state of the information security architecture, perform gap analysis, and develop interim steps to remediate gaps and achieve the desired state.
Conduct risk assessments on enterprise initiatives and provide results and recommendations.
Work with technology teams to ensure secure build and configuration standards are in place and are being followed.
Develop and enforce security policies, standards, procedures, and guidelines.
Assists in performing due diligence of vendors involved in project development to ensure any information security inadequacies are identified and addressed.
Follows up with vendors to ensure any identified discrepancies have been resolved.
Performs periodic reviews of vendors and takes corrective action as necessary.
Manage information security aspects of IT projects, ensuring security protocols are in place and compliance with other applicable information security policies.
Analyzes project plans to determine security requirements and follows up to ensure security of new systems.
Assists senior staff in supporting internal audit and external regulators with compliance issues and investigations.
Provides supporting documentation for information security processes and procedures.
Mentors less experienced staff in information security processes and procedures as well as information technology infrastructure and associated information security problems and vulnerabilities.
Assists in the execution of changes in response to regulatory changes affecting information security. Follows up on developed compliance plans to ensure completion.
Maintains current and in-depth knowledge of information security and technology environment, proactively pursuing knowledge of new and developing technologies.
Must adhere to pertinent laws, regulations, the organization's compliance policy and external compliance requirements.
Education/Experience/Licenses etc.:
Bachelor's degree in Computer Science, Information Systems Engineering, related field, or equivalent experience required.
Minimum of 10 years experience developing security architectures and solutions consistent with Information Security policies, standards, and strategy.
Professional security accreditation such as CISSP, CISM, etc. required.
Strong working knowledge of CoBIT and ITIL frameworks.
Demonstrated experience assessing risk and developing security controls at a business-appropriate level
Experience in hands-on technical security control assessment, architecture and design, information security solution engineering, security technology implementation, and security service delivery role, including in-depth hands-on experience in complex heterogeneous enterprise environments.
Experience with inner workings and security aspects of a variety of operating systems, application servers, web servers, media/content servers, messaging servers, database servers, integration servers, etc.
Excellent oral and written communication skills to articulate ideas and concepts.
Strong analytical, evaluative, and problem-solving abilities.
Demonstrated project management skills including ability to coordinate efforts of others and influence decision making processes without explicit authority.
Demonstrated experience in implementing and enforcing security policies, procedures and regulatory requirements and ability to interpret and administer security policy documents
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
