Architects and designs technical security architectures and roadmaps of high complexity, technologies, and size. Leverages industry and organizational standards, patterns and best practices to develop architectures that fulfill business strategies. Key to this role is applying knowledge, skills and experience in securing and delivering cloud-based security solutions in a large and complex environment commensurate with or exceeding industry standards. As the Senior Information Security Architect, orchestrates the implementation of proposed solutions on large projects, leveraging the appropriate IT service providers in the fulfillment of that architecture. Strategically plans for future threat-based, robust, defense-in-depth security capabilities to improve the security posture. Partners with, establishes, and fosters strong relationships with a broad audience of customers, business areas, service providers, vendor partners, technical peers, senior managers and officers to create effective solutions. Ensures the delivery of effective solutions that perform as expected. Is respected as an authoritative source in multiple defined technical domains. Mentors less experienced information security staff in planning efforts. Provides consultation and training to staff on security architecture, risk mitigation tactics, frameworks, patterns, software coding, and Internet/intranet technologies with a heavy emphasis on cloud security technologies, implementations, and support strategies. Accepts ownership for accomplishing new and different types of security challenges and requests.
- Applies working knowledge and experience securing within all phases of the SDLC.
- Able to conceptualize, develop, implement, and/or maintain a holistic view of various security control frameworks, such as NIST, FedRAMP, COBIT, particularly in cloud application implementations.
- Experience securing custom developed (Java/.NET) applications in AWS and Azure.
- Strong familiarity or hands-on experience with threat-modeling tools and techniques.
- Able to apply expertise in recommending remedial techniques and solutions with respect to application scan findings.
- Working knowledge of architecture tools to create enterprise level diagrams.
- Working knowledge of a variety of programming languages and scripting tools.
- Ensures that program and project level reporting information is accurate with respect to IS architecture.
- Assumes the role of subject matter expert regarding IS program, portfolio, and project specifics.
- Creates and implements the appropriate metrics and reporting analytics, including program, project, and financial information relevant to measuring performance.
- Travel is expected to be minimal (<5%).
- At least 10 years of progressive information technology experience directly related to an IT Architecture role with at least 5 of those years related directly to information security.
- Bachelor's degree specializing in Computer Science, Management Information Systems, or related field, or equivalent combination of education and related experience required. CISSP certification required; certifications in TOGAF, CTA, or Zachman, as well as cloud architect certifications, are desirable.
- Experience interfacing with project/program management, risk management, application development, and compliance related work functions.
- Expert knowledge of information security, IT controls, and protection strategies is required.
- Working knowledge in the application of risk management techniques in performance of job responsibilities.
- Working knowledge of common back-office software such as SharePoint, Excel, Word, PowerPoint, and Visio.
- Ability to understand highly complex environments, concepts, or problems from the business perspective to effectively guide the development of requirements and solutions.
- Applies strong critical thinking, analytical, and problem-solving skills to assimilate a