Information Security Architect

Job Description:

Responsibilities:

• bility to set the tone for the organization and motivate management and team.
• Understanding information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, COBIT NIST, and ITIL.
• Maintaining security, assessing and evaluating security, and doing security incident forensic work.
• Experience with Government agencies, particularly the Department of Defense (DoD), on information security matters.
• Experience with Government Classified systems and the associated security requirements.
• Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.
• Proficiency in Microsoft Office Suite (Word, Excel, Outlook, etc.).
• Innovative and creative mindset.
• Basic network security knowledge (general principles).
• Excellent documentation and communication skills.
• bility to organize tasks into milestones and successfully execute to project completion.
• Can work independently with little direct supervision.
• General cyber-security understanding.

Security Program Development:

• nalyze the current state of the Division's security program and design future states, creating a roadmap for implementation.
• Develop a business case and key performance indicators (KPIs) and socialize the security program within the Division.

Security Policy Management:

• ssess, manage, and improve security policies and procedures to align with industry best practices and organizational objectives.
• dvise on security decisions and direction based on the Division's vision and mission.

Collaboration and Strategy Development:

• Collaborate with other Division Architects and the Security Operations Manager to develop global security strategies based on industry best practices.
• dvise on security decisions and direction based on a deep understanding of the Division's vision and mission.

Security Architecture Development:

• Develop and maintain a security architecture process aligned with business and technology drivers.
• Create security strategy plans and roadmaps based on enterprise architecture practices.

Security Standards and Procedures:

• Draft security procedures and standards for executive management approval or authorization by the Cabinet CISO.
• Determine baseline security configuration standards for operating systems, network segmentation, and identity and access management.

Risk Assessment and Response:

• Perform risk assessments, advise on risk response strategies, and identify security issues from system integration.
• Conduct or facilitate threat modeling of services and applications to mitigate associated risks.

Collaboration and Coordination:

• Coordinate with DevOps teams to advocate secure coding practices and escalate concerns about poor coding practices.
• Liaise with privacy and compliance officers to document data flows of sensitive information and recommend appropriate controls.

Security Operations Support:

• Support internal security controls testing and validation as directed by the CISO or internal audit team.
• Review security technologies, tools, and services and recommend their use based on security metrics.

Security Infrastructure Implementation:

• Evaluate, select, and implement security technologies, tools, and solutions to enhance the organization's security posture.
• Configure and deploy security infrastructure components such as firewalls, intrusion detection/prevention systems, endpoint protection, encryption, and authentication mechanisms.

Incident Response and Forensics:

• Develop incident response plans and procedures to mitigate security incidents effectively.
• Conduct post-incident analysis and forensic investigations to identify root causes and prevent future occurrences.

Security Awareness and Training:

• Develop and deliver security awareness training programs to educate employees on security risks and best practices.
• Provide ongoing support and guidance to staff regarding security-related inquiries and concerns.

Preferred Education and Experience:

• Bachelor's degree in computer science, Information Security, or related field; advanced degree preferred.
• Proven experience (5+ years) in information security architecture, design, and implementation.
• Candidates with one plus of the following certifications are a plus.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), or other relevant certifications preferred.