Sr. Information Security Architect

Location: Houston, TX, United States
Date Posted: 05-23-2017
The Information Security Architect is a member of the information security team and is responsible for assessing, (re)designing, and architecting / integrating security technology solutions for the enterprise. This role serves as a translator of policy and strategy into technology solutions and long-term integration to align security with the business needs.

Responsibilities
• Aid in developing clear current- and future-state diagrams, as well as the resulting strategic roadmap.
• Work closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
• Develop the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
• Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with information security policies, industry regulations, and best practices.
• Contribute to the alignment of security governance with EA governance and project and portfolio management (PPM).
• Research, design and advocate new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
• Contribute to the development and maintenance of the information security strategy in a cross-fertilizing manner (security strategy drives architecture, and architecture feeds back into security strategy).  
• Evaluate and develop secure solutions, based on approved security architectures. Analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks.
• Communicate security risks and solutions to management, business partners, and IT staff.
• Partner in the design of a security architecture review board and process, and monitor adherence to security policies, standards, and procedures where security architecture is involved.
• Establish and build a full life-cycle security architecture model.
• Support and contribute to change-management-process improvements.
• Develop and standardize authentication schemes (such as OAuth, SAML, WS-Security, etc.) across the IT environment to ensure consistent and integrated access controls for systems and applications and across locations, providers and customers.
• Develop and write standard documents as they pertain to architecture or security technology solutions.  
• Translate findings based upon risk assessments, audits, or other such observations into well-designed security architecture. 
• Partner with various resources both inside information security and in other IT departments to establish a good understanding of capabilities, business needs, and areas for improvement.
• Provide regular reporting on the current status of the information security architecture efforts (both at a program and a project level).  
• Produce a current state map for any ad-hoc or planned PCI-assessment by either internal or external partners.
• Oversee multiple projects as a project leader or as the subject matter expert. Under the general direction of management, define the information security architecture and design for the enterprise.
• Perform additional duties as assigned by management.

Skills, Abilities, Experience & Qualifications    
• Bachelor’s degree in Computer Science, Science, Engineering or related discipline required.
• 10+ years relevant information security experience, including 7 years in a significant security architecture role(s) with a broad exposure to infrastructure/network and multiplatform environments required.
• Professional security management certifications, such as CGEIT, CISM, CISSP, or other similar credentials, are preferred.
• Formal training in and usage of relevant enterprise architecture methodology (Zachman Framework, TOGAF, SABSA, etc.) required.
• Expert knowledge of security issues, techniques and implications across all existing computer platforms required.
• Proven ability in security process and organizational design.
• In-depth knowledge of multiple, highly complex technical areas and business segments required.
• Proficient use of common tools like Visio and SharePoint, and knowledge of TOGAF or SABSA supporting tools.
• Experience coaching and mentoring of technical staff required.  
• Strong conceptual thinking skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
• Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of individuals and roles, including IT and vendors.
• Strong written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical audiences.
• Proven track record and experience in developing information security architectures and standards.  
• Strong time management skills as well as strong organizational, problem-solving, and analytical skills required. Able to work in a very fast paced environment and remain positive.
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment.
• High degree of initiative, dependable and able to work well with limited supervision.
• The ideal candidate should have worked in at least two different types of industries.
• Must be authorized to work for any employer in the United States.
• Ability to pass a thorough background check.
