Security Architecture Analyst
Hire IT People, LLC
Job Seekers, please send resumes to resumes@hireitpeople.com
Our client, a financial institution in Washington, DC, has a long-term opportunity for a Security Architecture Analyst role.
Position Overview:
The Office of Information Security (OIS) ensures that security efforts throughout the client space are coordinated and aligned with the client's business and IT strategy. This Office delineates the client's information security plans and ensures, in coordination with the Information Security Council, that resources and all implementation of plans, procedures, and standards are reviewed, supported, and deployed in the most effective and efficient manner and are consistent with overall risk management. The client's Office of Information Security needs a suitable resource to support the Risk functions. The Analyst is expected to assist the team in using a risk-based approach to secure information systems from current and emerging threats during all phases of development and production. He/she will be expected to assist in determining security requirements for IT projects, assist in the development and refresh of the client strategy for information security, assist in the preparation of IT security standards and reference architecture, and be able to perform controls reviews and system assessments to develop risk profiles for IT systems and evaluate the efficiency and effectiveness of the IT control environment.
Essential Job Functions:
- Work with project teams to define security requirements for new systems in line with the enterprise information security architecture
- Provide security design recommendations based on enterprise information security architecture and solution patterns
- Provide guidance and assist in the development of security standards for IT platforms in line with the information security architecture
- Maintain an up-to-date understanding of emerging trends in information security architecture and apply new techniques and trends (in-line with overall information security objectives and risk tolerance of the client) to the client's information security architecture
- Perform controls reviews and system assessments to develop risk profiles for IT systems and evaluate the efficiency and effectiveness of the IT control environment
- Maintain impartiality around IT systems to produce unbiased reports on information security risk
- Provide business units with recommendations to reduce information security risk within their areas
- Identify efficiencies to improve the performance and responsiveness of the ITSSR information security architecture function
- Prepare and present security design and architectural review reports to system owners, business units, and other
- Evaluate client's current software security posture and propose mitigation and remediation plans to meet software security assurance requirements
- Translate technical security deficiencies into business risks that are understandable by business stakeholders in order to get buy-in for security investments.
Educational Qualifications and Experience:
- Education: Bachelor's degree in Computer Science, Information Systems, or a related technical field
- Role Specific Experience: 2+ years of experience
- Experience in providing guidance for data protection based on data sensitivity and associated business risk
- Experience with enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements
- Experience guiding project team remediating such vulnerabilities.
Certification Requirements:
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP).
Required Skills/Abilities:
- Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications
- Ability to work well under pressure and meet tight deadlines
- High level of motivation, confidence, integrity, and responsibility
- Knowledge of best practices and standards for enterprise security architecture, specifically in the field of Identity & Access Management, Enterprise Content Management, Collaboration Tools, Service-Oriented Architecture, Cloud, Mobility, Data Analytics, and Web 2.0 related services
- Practical knowledge of common Web vulnerabilities as per SANS 25 or OWASP Top 10 specifications
- Excellent interpersonal skills including the ability to work independently and effectively in a team/task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the client space
- Ability to collaborate with senior management stakeholders to identify requirements and drive compliance with approved standards.