Previous Job
Previous
Information Security Architect
Ref No.: 17-00426
Location: McLean, Virginia
Position Type:Contract
ONLY ACCEPTING DIRECT W2 APPLICANTS NON CORP-TO-CORP AT THIS TIME The Information Security Architect is responsible for understanding and evaluating complex business functions and processes, and identifying associated risks, existing IT security infrastructure, IT development methodologies, operational requirements and procedures and forming a set of comprehensive and coherent plans to support and further the business in its endeavors. Information Security Architecture is charged with working closely with the Information Security, Enterprise Architecture, Engineering and Operations groups to comprehend and recognize business, industry, and technology variables (currently in place, planned, developing and emerging) and setting the direction of the IT organization to support current and future business models, strategies, and processes. - Provide solutions architecture to various application development teams on key initiatives. - Define and document information security strategy and service solution architectures that enable a secure Technology Services infrastructure in support of business requirements at Client. - Work collaboratively with enterprise architects to integrate security service architecture into the Enterprise Application architecture. - Validate architecture collaboratively with infrastructure and application development project teams and senior management ensuring that corporate security policy, standards and industry best practices are met. - Specify solutions that address authentication, authorization (what authorization model is required), auditing of critical security related events, administration (provisioning of access rights, recertification of access rights), confidentiality (both at rest and in transit), integrity, and availability. - Fully account for a mixture of in-house built and COTS (commercial off-the-shelf) product scenarios, assess product capability to meet the stated requirements and ability to comply with vetted Client security patterns for implementation. - Drive and track adoption of Information Security Architecture standard patterns using a risk based approach. - Identify information security risks associated with the solution, and provide compensating mitigations where necessary. - Identify any gaps in existing security infrastructure, work with Senior Information Security Architects to identify roadmap solutions. - Build effective relationships with key stakeholders who own and support IT architecture, infrastructure, applications, processes and operations throughout Client. - Demonstrate work commitment and drive for results as part of a demanding delivery schedule that serves multiple projects at once. - Understanding of industry standards and best practices, keeping current with financial industry trends and emerging technologies. Experience Required: - BA/BS degree in Computer Science, Information Systems or a related technical field or equivalent combination of education and experience. - 12+ years of IT experience, preferably in the financial services industry - Minimum 6 years experience working in an enterprise architecture, information security, information technology or information risk management related field. - Minimum 4 years experience in the specification of enterprise Information Security Architectures with an understanding of infrastructure and application security requirements and architecture. - Demonstrated experience of entity data modeling, UML or any architecture methodology applied with a Technology Services infrastructure scope. - Demonstrated experience in defining security architecture solutions for large, mission critical systems comprised of multi-tier web applications, rich-client applications and batch processing (including ETL). - Demonstrated experience in identifying, monitoring and managing information security risk for financial services organization or organizations with similar information security needs and requirements. - Demonstrated experience of participating in the SDLC process with detailed knowledge of typical security requirements and solutions for mission critical applications and infrastructure. - Understanding of datacenter and cloud security best practices - Understanding of network security architecture best practices - Understanding of server security architecture best practices - Understanding of data security architecture best practices - Understanding of application security best practices - Understanding of endpoint (desktop, laptop) best practices - Understanding of mobile device security best practices - Ability to work independently and within groups. Must be self-motivated and able to work independently with minimal supervision. - Ability to work well under pressure and to meet tight deadlines. Demonstrate a high level of motivation, confidence, integrity and responsibility. - Possess excellent written and verbal communication skills, presentation, and problem solving skills and be able to interact well with peers and internal customers. Desirable: - CISSP, CISA Candidate resumes must reflect ability of candidate to fulfill responsibilities commensurate with position responsibilities and required experience as stated above. During interview, candidate will be expected to articulate their background in these areas and answer questions in a manner that indicates ability to work on mission critical projects with enterprise scope and impact.