Information Security Architect
- Raleigh, NC
As an Information Security Architect, you'll be responsible for identifying security risks, analyzing and communicating the risk, and assisting with the mitigation. This role includes documenting policies and procedures, ensuring compliance with architectural standards, and assisting senior architects with developing security strategy. The position supports the people, process and technology used to deliver the Information Security Services.
Additional responsibilities include:
• Assist in the development of security baselines and standards to include technical configuration standards.
• Assist with the development and documentation of the overall IT Security Architecture as a dedicated team member for new solutions.
• Consult with the Corporate Project Office and lines of business to align projects and initiatives with information security strategy and architecture.
• Facilitate engagement between clients and the information security services catalog.
• Assist in the development of security standards applicable to all technologies in the IT and product portfolio.
• Maintain professional accreditation and participate in relevant training.
• Assist in monitoring emerging risk and trends.
• Assist the IT Risk and Compliance team in developing education and awareness program materials.
• Partner with IT Risk and Compliance team to develop methodologies for monitoring and reporting on compliance with architectural and security requirements.
• Perform assessments of existing and new solutions to ensure adherence with approved architecture standards.
Bachelor's Degree in Computer Science, Information Technology, or related field with minimum 10 years of experience in Information Technology including at least 8 years in Information Security; or 14 years of experience in information technology.
High School Diploma/GED with minimum 14 years of experience in Information Technology including at least 12 years in Information Security; or 18 years of experience in information technology.
• Possesses at least one of the following security certifications: CISSP, GIAC, CISM, or CEH.
• Strong leadership and communication skills, including the ability to influence without authority.
• Knowledge of: Forensics, Security Operations, Incident Response, Research/Threat Detection, Malware Analysis, Assessments and Penetration testing, or Secure Software Development.
• Proven consulting and relationship management skills and the ability to leverage key working relationships with business units, vendors, and IT staff.
• Effective communicator, capable of translating and presenting complex technical concepts to both technical and non-technical management and customers, through oral presentations and written media (white papers and demonstrations).
• Familiarity with one or more standard security-related frameworks (NIST-Cyber, CoBIT, ISO, etc.).
• Knowledge and understanding of security principles and their application in an enterprise IT environment.
• Thorough understanding of security risk assessment and/or penetration testing concepts.
• Knowledge of various platform technologies including internet, network, distributed systems, desktop computing, voice, and threat management technologies.
• Experienced with enterprise security controls including malware protection, firewalls, intrusion detection systems, content filtering, internet proxies, encryption controls, and log management solutions.
• Knowledge of tiered application architectures, web front-ends/server-side apps, application, and relational databases.
• Experience with APIs: REST, SOAP, SOA and other integrations.
• Direct experience with secure application development and application security risk mitigation techniques.
• Financial services experience.
• Experience in a regulated industry sector (e.g. Government, Energy, Carrier-Telecommunications).
• Position relevant information security certifications (e.g. CISSP).
• Bachelor's degree in a technology-related field.