Information Security Architect
The Information Security Architect is responsible for designing and implementing secure solutions across the Assurant enterprise. The solutions shall be designed to mitigate and/or reduce business exposure to information security risks. Risks may include, but are not limited to, cyber security, information security, data loss prevention, intrusion prevention, and the availability of information systems. The Architect will implement solutions that comply with Assurant Information Security Policies and Standards and lead teams of Security Engineers in implementing security solutions across the enterprise.
- Guide information security implementations & policy enforcement throughout Assurant.
- Provide security architecture recommendations and guidance to senior security leaders and stakeholders.
- Design gap remediation strategies as directed by senior security leaders.
- Investigate the potential impact of emerging technologies and architectures and communicate findings to senior security leaders.
- Design technology platforms and infrastructures in alignment with Assurant security standards and strategic roadmaps.
- Develop secure architecture standards, requirements, and documents.
- Review technical solutions and make recommendations in alignment with Assurant security architecture requirements.
- Participate in the development of departmental strategic roadmaps and strategies.
- Establish and maintain an internal ethical hacking and application penetration testing methodology.
- Work with the Information Security Office to articulate architecture risk to the business.
- Collaborate with Enterprise Architecture on security design considerations for overall IT infrastructure needs.
- Conduct security architecture reviews for internal and external clients and business partners at the request of the senior security leaders and/or Information Security Office.
- Promote and help remediate gaps with regard to security architecture.
- Provide support for mergers, acquisitions and divestitures.
- Assess current state and maturity levels of existing security infrastructures, frameworks, methodologies, platforms.
- Coordinate and participate in the testing of security solutions.
- Conduct security architecture reviews and produce detailed documentation for Assurant's technology platforms and supporting solutions
- Assist in incident response process as required
- Manage and lead security projects and/or initiatives.
- Provide technical leadership for business security initiatives involving security architecture.
- Provide technical and strategic mentorship for Security Engineers & Analysts
- Participate in staff skills assessment and training development exercises
- Educate peers and security personnel about security platforms, technologies and architectures (both existing and emerging)
- 5+ years of experience in the field of IT, Information Security, Compliance, Audit or Risk (with a broad range of exposure to all aspects of business continuity, systems analysis, risk management, application development and information security)
- 3+ years of Information Security experience
- 3+ years of experience in leading teams or projects
- Bachelor's degree in Business, Computer Science, Engineering, etc.
- 5+ years of Information Security experience
- 3+ years of experience implementing IDM strategies and systems
- Appropriate certification preferred:
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Certified Information Security Manager (CISM)
- Certified Cyber Forensics Professional (CCFP)
- Proven leadership skills
- Excellent written and verbal communications
- Ability to manage multiple and complex priorities
- Solid understanding of one of the following areas: security, compliance, audit, risk management and business continuity.
- Expert knowledge of Directory Services, Application Development, Infrastructure (networks, server and end computing devices), Software and Software distribution methods and business continuity planning and practices
- Expert knowledge of the Information Security Architecture deployment lifecycle
- Strong application security experience with practical knowledge of programming languages such as Perl, Java, XML, HTML and others.
- Solid understanding of operating system internals, networks, applications, databases, and cloud technologies.
- Expert knowledge of relevant security standards (NIST, ISO, etc.) and ability to align them to secure architecture designs
- Strong knowledge of technologies that support application system environments including but not limited to:
- Authentication and authorization.
- Web technologies.
- Application servers.
- Database Management Systems.
- Web Application Firewalls.
- Web services.
- Familiarity with legal, regulatory and industry security requirements and frameworks, including, but not limited to, the following:
- International Organization for Standardization (ISO/IEC 27001)
- Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley (SOX)
- Health Insurance Portability and Accountability Act (HIPAA) and HITRUST; HITECH
- Gramm-Leach-Bliley (GLB)
- Control Objectives for Information and related Technology (COBIT)
- Committee of Sponsoring Organizations (COSO)