OverviewAs our Information Security Architect, you’ll help drive Concora Credit’s Mission to enable customers to Do More with Credit – every single day.
The impact you’ll have at Concora Credit:
You’ll serve as a key consultant and champion across the organization on how to effectively implement and maintain security practices. This is a technical, hands-on leadership role in which you will have architecture, engineering, and even some operational duties. You’ll lead the design and development of secure patterns and practices across our technical landscape, including our hosting services, identity capabilities, data estate, and application development. You’ll work closely with many teams, including Enterprise Architecture, DevOps, Application Developers, Data Specialists, Product Owners, Project Managers, and IT leadership. You’ll help us lean into emerging technologies with eyes open to the potential risks and benefits, and how we can navigate these journeys. You’ll have an opportunity to demonstrate your expertise in designing modern computing environments that operate securely and efficiently and integrate using modern methods. You’ll have the chance to work with good people who are striving to win together.
Responsibilities
As our Information Security Architect, you will:
- Be a trusted advisor for Application Development and Shared Services initiatives by providing objective, practical, and relevant ideas, insights, and advice.
- Function with an enterprise lens in applying security practices across the environment.
- Establish architecture principles, standards, and best practices for the security of our infrastructure, identity, data, application development, and partner integrations, and integrate these into our Enterprise Architecture practices.
- Collaborate closely with developers, architects, and engineers on how to enable effective security solutions for the organization at ‘the ground level’ so solutions can scale effectively.
- Perform security assessments and engineering analysis for complex, multi-platform systems and services.
- Lead the performance of application security reviews.
- Assess the architecture and security designs and capabilities of potential products, strategic partnerships, and vendors.
- Develop and present metrics that represent the efficacy of the practices and controls in place.
- Maintain a relevant skillset and expertise in information security technologies and practices.
- Perform other duties as assigned.
These duties must be performed with or without reasonable accommodation.
We know experience comes in many forms and that many skills are transferable. If your experience is close to what we're looking for, consider applying. Diversity has made us the entrepreneurial and innovative company that we are today.
Qualifications
Requirements:
- 5-8 years of broad security experience as a practitioner within IT organizations.
- Bachelor’s degree, applicable certification, or equivalent experience.
- A future-focused mindset considering where the organization is today, knowing what’s coming in the technology landscape, understanding what that means for security, and building a course to ensure we don’t get there late.
- Understand all facets of information technology lifecycles, from scoping to delivery and operations, and the ability to see and communicate the role information security plays in every stage.
- Background in bringing a variety of stakeholders together to achieve specific security outcomes.
- Broad background working directly with all levels of security controls.
- Extensive experience with one or more regulatory frameworks associated with information technology (e.g., PCI, GLBA, HIPAA, SOX, etc).
- Strong written and verbal communication skills, including the ability to discuss technical topics with a non-technical audience.
- Able to partner with technology subject matter experts (SMEs) to define and formalize security policies and practices in collaboration with the teams most impacted to reach secure and functional outcomes.
- Able to develop security architecture standards, frameworks, guidelines, and design patterns spanning all layers of security from host, server, and network to application and data security.
- Identify opportunities for security tooling and automation with the goal of translating security standards into policy-as-code and infrastructure-as-code that is secure by default
- Experience in evaluating security controls from a value and return on investment perspective.
Preferred:
- Expertise in security architecture for cloud/hybrid systems and application development.
- CISSP, CISM , and related security certifications strongly preferred.
- Working knowledge of Cloud-based Identity and Access management (IAM), including Single Sign On, MFA, identity providers, and frameworks. (FIDO, SAML, OAuth, OIDC.
- Excellent conceptualization, analytical, logical, and documentation skills.
- Experience in the financial services or servicing operations sectors.
What’s In It For You:
- Medical, Dental and Vision insurance for you and your family
- Relax and recharge with Paid Time Off (PTO)
- 6 company-observed paid holidays, plus 3 paid floating holidays
- 401k (after 90 days) plus employer match up to 4%
- Pet Insurance for your furry family members
- Wellness perks including onsite fitness equipment at both locations, EAP, and access to the Headspace App
- We invest in your future through Tuition Reimbursement
- Save on taxes with Flexible Spending Accounts
- Peace of mind with Life and AD&D Insurance
- Protect yourself with company-paid Long-Term Disability and voluntary Short-Term Disability