Web Security Architect and Engineer
Ref No.: 18-02837
Location: Malvern, Pennsylvania
The Information Security Architect is responsible for the oversight of The Institutes' information security technology, and is a technologist and a subject matter expert (SME) for all information security platforms; is responsible for developing the organization's information security architecture as well as auditing information security policies and procedures and investigating information security events. The Information Security Architect will actively promote a culture of information security throughout the enterprise. The scope of this position spans the organization's technology solutions including software applications, infrastructure, and data integration solutions. The Information Security Architect will develop a thorough understanding of all IT systems and how those systems are secured. The Information Security Architect will be responsible for advising the Application and Infrastructure functions on emerging vulnerabilities and newly introduced risks to enterprise systems. The Information Security Architect will also advise the Application and Infrastructure functions on emerging risks, vulnerabilities, and best practices for Data Management. This role will take a proactive approach in continually assessing the security of those systems throughout their lifecycle, providing recommendations for enhancing security, and adapting to new threats and vulnerabilities. This position will take the lead on technical risk assessments/audits and compliance.

Essential Responsibilities

  1. Develop, implement and monitor a strategic information security program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
  2. Collaborate and communicate across The Institutes to ensure appropriate security processes, procedures and tools are installed, monitored, and effectively operating and alerting.
  3. Verifies security systems by developing and implementing test scripts.
  4. Determines security requirements by evaluating business strategies and requirements, researching information security standards, conducting system vulnerability analyses and risk assessments, studying architectural platform, identifying integration issues, and preparing estimates.
  5. Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
  6. Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
  7. Prepares system security reports by collecting, analyzing, and summarizing data and trends.
  8. Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
  9. Develop and maintain a Secure Software Development Lifecycle (SSDLC) for the Applications function, with necessary training and certification for developers
  10. Develop and maintain a software source code and application verification program for any assets developed by The Institutes
  11. Serve as the escalation point for technical issues related to information security platforms.
  12. Take the lead role in responding to and containing information security related incidents.
  13. Conduct regular technical risk assessments/audits of both internal and relevant external systems and infrastructure.
  14. Assist in the development and knowledge transfer to IT team members, as well as other enterprise groups.

Other Responsibilities

  1. Stays current with The Institutes' IT portfolio, marketplace cyber security trends, and all relevant enterprise initiatives and business.
  2. Proactively explores enhancements and new technologies that allow for more effective security.
  3. Acts as a resource for other groups in evaluating and recommending security.
  4. Other duties as assigned.

Required Competencies

  1. Decision making
  2. Relationship Building
  3. Communication
  4. Technical Planning
  5. Enterprise Perspective
  6. Technical Knowledge
  7. Strive to reflect our five cultural values in all efforts: Put the Customer First, Do What You Say, Work Together, Be Innovative and Do the Right Thing.

Education and Experience

  1. Bachelor's or Master's Degree in Information Technology, Computer Science, Engineering or related field.
  2. CISA, CISM, CISSP or similar certification preferred.
  3. Solid understanding of security protocols, cryptography, authentication, authorization and security
  4. Good working knowledge of current IT risks and experience implementing security solutions
  5. Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
  6. Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  7. Experience with incident response and analysis.