Information Security Architect

Job Title: Information Security Architect
Job Location: 480 School Lane, Harleysville, PA 19438
Position Type: Direct Placement
Job Description:
The Information Security Architect is responsible for developing architectural approaches and solutions to ensure the confidentiality, integrity, and availability of our client's systems and data while aligning business strategy and IT security.

Major functions:
Develop, implement, and maintain the Enterprise Information Security Reference Architecture framework to ensure the alignment of business strategy and IT security.
Participate in the Systems Development Life Cycle as a security liaison, ensuring secure software, host and network designs that protect corporate information confidentiality, integrity, and availability.
Build security design, development, and testing strategies.
Develop security technology roadmaps.
Analyze current state of the information security architecture, perform gap analysis, and develop interim steps to remediate gaps and achieve the desired state.
Conduct risk assessments on enterprise initiatives and provide results and recommendations.
Work with technology teams to ensure secure build and configuration standards are in place and are being followed.
Develop and enforce security policies, standards, procedures, and guidelines.
Assists in performing due diligence of vendors involved in project development to ensure any information security inadequacies are identified and addressed. Follows up with vendors to ensure any identified discrepancies have been resolved. Performs periodic reviews of vendors and takes corrective action as necessary.
Manage information security aspects of IT projects, ensuring security protocols are in place and compliance with other applicable information security policies. Analyzes project plans to determine security requirements and follows up to ensure security of new systems.
Assists senior staff in supporting internal audit and external regulators with compliance issues and investigations. Provides supporting documentation for information security processes and procedures.
Mentors less experienced staff in information security processes and procedures as well as information technology infrastructure and associated information security problems and vulnerabilities.
Assists in the execution of changes in response to regulatory changes affecting information security. Follows up on developed compliance plans to ensure completion.
Maintains current and in-depth knowledge of information security and technology environment, proactively pursuing knowledge of new and developing technologies.
Must adhere to pertinent laws, regulations, our client's Compliance Policy and external compliance requirements.
Bachelor's degree in Computer Science, Information Systems Engineering, related field, or equivalent experience required.
Minimum of 10 years of experience developing security architectures and solutions consistent with Information Security policies, standards, and strategy.
Professional security accreditation such as CISSP, CISM, etc. required.
Strong working knowledge of COBIT and ITIL frameworks.
Previous experience successfully integrating security into the SDLC.
Demonstrated experience assessing risk and developing security controls at a business-appropriate level.
Experience in hands-on technical security control assessment, architecture and design, information security solution engineering, security technology implementation, and security service delivery role, including in-depth hands-on experience in complex heterogeneous enterprise environments.
Experience with inner workings and security aspects of a variety of operating systems, application servers, web servers, media/content servers, messaging servers, database servers, integration servers, etc.
Excellent oral and written communication skills to articulate ideas and concepts.
Strong analytical, evaluative, and problem-solving abilities.
Demonstrated project management skills including ability to coordinate efforts of others and influence decision making processes without explicit authority.
Demonstrated experience in implementing and enforcing security policies, procedures, and regulatory requirements, and ability to interpret and administer security policy documents.

JD 15-00434

Don't Be Fooled

The fraudster will send a check to a victim who has accepted a job. The check may be described as covering any of several things, such as a signing bonus, supplies, etc. The victim is instructed to deposit the check, use the money for the stated purpose, and then send the remaining funds to the fraudster. The check will bounce, and the victim is left responsible.