The Information Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
- Translates complex security-related matters into business terms that are readily understood by colleagues. Presents analyses in person and in written formats to senior leadership.
- Interprets business, technology and threat drivers, and develops practical security roadmaps to deal with these drivers.
- Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).
- Coordinates with our future DevOps teams to advocate secure coding practices.
- Participates in the PCI and SOX compliance processes and follows their standards when architecting solutions.
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology.
- Verifiable experience reviewing application code for security vulnerabilities.
- Direct, hands-on experience or a strong working knowledge of vulnerability management tools.
- Full-stack knowledge of IT infrastructure.
- Direct experience designing IAM technologies and services.
- Strong working knowledge of IT service management.
- Good knowledge of regulations, standards and frameworks.