The Information Security Architect is responsible for designing and implementing secure solutions across the Assurant enterprise. The solutions shall be designed to mitigate and/or reduce business exposure to information security risks. Risks may include, but are not limited to, cybersecurity, information security, data loss prevention, intrusion prevention, and the availability of information systems. The Architect will implement solutions that comply with Assurant Information Security Policies and Standards and lead teams of Security Engineers in implementing security solutions across the enterprise.
Primary Responsibilities: 50% Strategy
- Guide information security implementations & policy enforcement throughout Assurant.
- Provide security architecture recommendations and guidance to senior security leaders and stakeholders.
- Design gap remediation strategies as directed by senior security leaders.
- Investigate the potential impact of emerging technologies and architectures and communicate findings to senior security leaders.
- Design technology platforms and infrastructures in alignment with Assurant security standards and strategic roadmaps.
- Develop secure architecture standards, requirements, and documents.
- Review technical solutions and make recommendations in alignment with Assurant security architecture requirements.
- Participate in the development of departmental strategic roadmaps and strategies.
- Establish and maintain an internal ethical hacking and application penetration testing methodology.
- Work with the Information Security Office to articulate architecture risk to the business.
- Collaborate with Enterprise Architecture on security design considerations for overall IT infrastructure needs.
- Conduct security architecture reviews for internal and external clients and business partners at the request of the senior security leaders and/or Information Security Office.
- Promote and help remediate gaps with regard to security architecture.
- Provide support for mergers, acquisitions and divestitures.
- Assess current state and maturity levels of existing security infrastructures, frameworks, methodologies, and platforms.
- Coordinate and participate in the testing of security solutions.
- Conduct security architecture reviews and produce detailed documentation for Assurant’s technology platforms and supporting solutions.
- Assist in incident response process as required.
- Manage and lead security projects and/or initiatives.
- Provide technical leadership for business security initiatives involving security architecture.
- Provide technical and strategic mentorship for Security Engineers & Analysts
- Participate in staff skills assessment and training development exercises
- Educate peers and security personnel about security platforms, technologies and architectures (both existing and emerging)
- 5+ years of experience in the field of IT, Information Security, Compliance, Audit or Risk (with a broad range of exposure to all aspects of business continuity, systems analysis, risk management, application development and information security)
- 3+ years of Information Security experience
- 3+ years of experience in leading teams or projects
- Bachelor's degree in Business, Computer Science, Engineering, etc.
- 5+ years of Information Security experience
- 3+ years of experience implementing IDM strategies and systems
- Appropriate certification preferred:
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Certified Information Security Manager (CISM)
- Certified Cyber Forensics Professional (CCFP)
- Proven leadership skills
- Excellent written and verbal communications
- Ability to manage multiple and complex priorities
- Solid understanding in one of the following areas: security, compliance, audit, risk management and business continuity.
- Expert knowledge of Directory Services, Application Development, Infrastructure (networks, server and end computing devices), Software and Software distribution methods and business continuity planning and practices
- Expert knowledge of the Information Security Architecture deployment lifecycle
- Strong application security experience with practical knowledge of programming languages such as Perl, Java, XML, HTML and others.
- Solid understanding of operating system internals, networks, applications, databases, and cloud technologies.
- Expert knowledge of relevant security standards (NIST, ISO, etc.) and ability to align them to secure architecture designs
- Strong knowledge of technologies that support application system environments including but not limited to:
- Authentication and authorization.
- Web technologies.
- Application servers.
- Database Management Systems.
- Web Application Firewalls.
- Web services.
- Familiarity with legal, regulatory and industry security requirements and frameworks, including, but not limited to, the following:
- International Organization for Standards (ISO/IEC 27001)
- Payment Card Industry – Data Security Standards (PCI – DSS)
- Sarbanes Oxley (SOX)
- Health Insurance Portability and Accountability Act (HIPAA) and HITRUST; HITECH
- Gramm-Leach-Bliley (GLB)
- Control Objectives for Information and related Technology (COBIT)
- Committee of Sponsoring Organizations (COSO)