Performs all necessary duties to ensure the safety of information technology assets and to protect systems from intentional or inadvertent access. As a member of the Cybersecurity Solution Architecture team, this position is responsible for coordinating and managing the successful delivery of cybersecurityarchitecture services to Business and IT project engagements to ensure enterprise technology solutions comply with security control requirements, as well as any compliance policies and standards. The person in this role will work with the project team to define the scope, work effort, and deliverables for the security engagement and will oversee multiple engagements executing in parallel. The cybersecurity architect is overall responsible for meeting or exceeding engagement expectations, on-time and on-budget, and is expected to effectively exercise leadership and guidance to enable the team’s success. This role is also responsible for the continued improvement and development of the service. This person must be able to draw from a deep background in enterprise technology and security principles and solutions, as well as their understanding of the business, to clearly articulate and discuss identified business risks and various options for mitigating those risks. Communicates securityrisks and solutions to business partners and IT staff as needed.
- Develops and maintains securityarchitecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities.
- Conducts or facilitates threat modeling of services and applications that tie to the risk and data associated with the service or application.
- Performs requirements analysis and contributes to the development of use cases, architectural views (e.g. conceptual, logical, and physical), reference models and architectures, architectural principles, and architectural patterns.
- Presents technical concepts to a non-technical audience.
- Creates an approach for addressing the specific architectural, design, or process challenge.
- Interviews personnel to understand current operations and areas for improvement.
- Researches available state-of-the-art technologies and solutions.
- Creates white papers and presentations on the proposed solution.
- Provides technical briefings to leadership.
- Participates in various forums, and creating meeting reports, recommendations, and feedback as directed by leadership.
- Other duties as assigned.
- Bachelor’s degree in Information Technology/Computer Science or related field required.
- Certifications from SysAdmin, Audit, Network and Security Institute (SANS), International Information Systems Security Certification Consortium (ISC2) or Computing Technology Industry Association (CompTIA) or other position related certifications preferred.
- ITIL Foundation certification required within 6 months of position start date.
Complexity of Work:
- Ability to conduct a gap analysis of current versus desired capabilities.
- Advanced knowledge of networking/distributed computing environment concepts.
- Advanced knowledge with complex domain structures, user authentication mechanisms and cryptography.
- Has in-depth knowledge of intrusion detection and data correlation.
- Intricate knowledge of network topology and the underlying OSI model.
- Understands principles of client/server configuration.
- Good understanding of enterprise risk management frameworks and principles.
- Excellent knowledge of securitytechnology and strong analytical skills.
- Must be able to work in stressful environment and take appropriate action.
- A minimum of seven years of experience in the information security field with expert knowledge of applications, cloud and mobilesecurity, platforms and infrastructure.
- Must have highest level experience in securityarchitecture, cybersecurity tools, intrusion detection, secure networks and current state-of-the-art cybersecuritytechnologies, standards, policies, procedures.
- Knowledge of Regulations, Standards and Frameworks, including HIPPA/HITECH, HITRUST, SABSA, Zachman, TOGAF, NIST Cybersecurity Framework, ISO 27001/2
- Strong analytical, administrative, presentation, and project management skills are required
- Must have strong communication skills (both written and verbal) and the ability to work independently. ?
- Requires the ability to sit and be stationary for prolonged periods of time, normal or corrected vision and manual dexterity sufficient to perform work on a personal computer.
- Requires the ability to walk to various locations throughout the organization and to function in a stressful environment.
Personal Protective Equipment:
- Follows standard precautions using personal protective equipment as required.