Security Architect - Washington. DC
Apply NowCompany: Georgia IT, Inc.
Location: Fort Washington, MD 20744
Description:
Job Title : Security Architect
Location : Washington. DC
Salary : DOE (salary Plus benefits)
Position Type : Fulltime
Interview : Phone
(US Citizens, Green Card and GC-EAD Preferred)
No sponsorship available for this job, direct hire and NO 1099 or C2C
Job Description
Location : Washington. DC
Salary : DOE (salary Plus benefits)
Position Type : Fulltime
Interview : Phone
(US Citizens, Green Card and GC-EAD Preferred)
No sponsorship available for this job, direct hire and NO 1099 or C2C
Job Description
- Work with project teams to define security requirements for new systems in line with the enterprise information security architecture;
- Provide security design recommendations based on enterprise information security architecture and solution patterns.
- Provide guidance and assist in the development of security standards for IT platforms in line with the information security architecture;
- Maintain an up-to-date understanding of emerging trends in information security architecture; apply new techniques and trends, in-line with overall information security objectives and risk tolerance of the WBG, to the WBG's information security architecture;
- Perform controls reviews and system assessments to develop risk profiles for IT systems and evaluate the efficiency and effectiveness of the IT control environment;
- Maintain impartiality around IT systems to produce unbiased reports on information security risk;
- Provide business units with recommendations to reduce information security risk within their areas;
- Identify efficiencies to improve the performance and responsiveness of the ITSSR information security architecture function;
- Prepare and present security design and architectural review reports to system owners, business units and other;
- Evaluate WBG current software security posture and propose mitigation and remediation plans to meet software security assurance requirements;
- Translate technical security deficiencies into business risks that are understandable by business stakeholders in order to get buy-in for security investments;
- Industry certifications highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP).
- Role Specific Experience:Minimum two (2 or 2+) years of experience working in an information security, software development, and information risk management related field.
- Candidate must have an understanding of OWASP Top 10 and SANS 25 vulnerabilities and how to mitigate these vulnerabilities and an architecture/coding standpoint.;Mobile security architecture experience a plus;Candidate must have an understanding of the Cloud Security Alliance (CSA), Cloud Controls Matrix and how it can be leveraged for reviews of cloud solutions.