We are looking for Security Architect for our client in Boston, MA
Job Title: Security Architect
Job Location: Boston, MA
Job Type: Contract ? 12 Months / Contract to Hire / Direct Hire
?US citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor H1b candidates at this time.?
- Provide oversight, guidance and prioritization to the sub team in systems requirements planning, systems securityarchitecture, and continuous monitoring.
- Support the Chief Information Security Office in security program management and security human capital management. Liaise with IT partners to establish and maintain daily working relationship.
- Security Program Management
- Perform necessary due diligence activities to determine third-party vendor adherence with IT compliance requirements.
- Serve as InfoSec Lead for initial detection, analysis, and investigation of securityevents to determine likelihood of compromise and respond according to Executive Information Security Incident Response processes.
- Advise the CISO by identifying critical security issues; recommending risk-reduction solutions.
- Communicate with customers to determine when InfoSec support is needed.
- Integrate and share information with other analysts and other teams.
- Security Human Capital Management
- Manage, mentor and implement professional development plans for direct reports, working closely with Human Resources.
- Assist in the management of a workforce by ensuring the fair and consistent application and strict adherence to the rules, regulations, collective bargaining agreements (if applicable) and policies of the Authority including the EEO, Anti-Discrimination and Anti-Harassment and Anti-Retaliation policies.
- Systems Requirements Planning
- Design and document securityarchitecture guidelines and requirements.
- Maintain a current understanding of technology trends to participate in evaluation of potential technology improvements or shifts.
- Systems SecurityArchitecture
- Lead the development and improvement of architectural and security designs.
- Serve as a subject matter expert to executive leadership on a range of cybersecurity best practices, architectures, solutions and technologies.
- Provide cybersecurityarchitecture services to business partners to ensure the secure delivery of all technology.
- Ensure architectures, technologies and solutions align with and integrate regulatory requirements and industry best practices.
- Provide strategic and tactical cybersecurity guidance for technology projects.
- Attend Change Advisory Board and Architecture Review Board Meetings.
- Continuous Monitoring
- Analyze the effectiveness of IT control activities and report on them, with actionable recommendations, to the CIO, the CISO and IT managers.
- Develop applications scanning and monitoring capabilities.
- Respond to each inquiry, whether from a customer, vendor or co-worker in a timely, courteous and professional manner.
- Stay abreast of information security issues and regulatory changes affecting transportation at the state and national level.
- Perform special projects and other duties as assigned.
- Bachelor?s degree in related technical or engineering field or supplemental professional experience. Relevant experience can be substituted for degree.
- 7+ years?experience in an IT environment, with experience leading information assurance and securityarchitecture teams, and managing and providing technical leadership for complex enterprise security projects.
- Deep understanding of vulnerability assessment and validation processes.
- Ability to analyze and determine the applicability of data, to draw conclusions and make appropriate recommendations.
- Ability to assemble items of information in accordance with established procedures.
- Ability to determine proper format and procedure for assembling items of information.
- Additional IT experience as a programmer, system administrator or network engineer preferred.
- Demonstrated ability to perform a risk-based approach to securing applications, databases, or infrastructure.
- Demonstrated process orientation? the ability to build repeatable and reusable processes.
- Excellent verbal and written communication skills.
- Knowledge of the principles, practices and techniques of supervision.
- Knowledge of the laws, rules, regulations, policies, procedures, specifications, standards and guidelines governing assigned unit activities.
- Knowledge of SIEM technology (QRadar preferred).
- Knowledge of NAC technology (Forescout preferred).
- Knowledge of or experience with securityarchitecture framework.
- Knowledge on threatlandscape, securitythreat and vulnerability management, as well as security monitoring and analytics.
- Knowledge in compliance frameworks and requirements such as PCI, HIPAA, SOX, etc.
- License and/or Certification Requirements:
- GSLC, CRISC, SSCP, CISSP, CISSP-ISSAP, CISSP-ISSEP, CEH, CompTIA Security + or equivalent certification preferred.