Security Architect (IAM)

01 Dec 2024

Vacancy expired!

JOB SUMMARY: Develops and maintains security strategies, requirements, and standards for applications and platforms. Provides in depth Technical Security guidance and is identified as the Security Subject Matter Experts (SME) for various technologies and project areas. Ensures company security policies, standards and industry standards are communicated to program teams during the Software Development Life Cycle (SDLC) process. Able to identify gaps and work with project teams to improve security while retaining time to market, functionality and scalability. Reviews and approves Security Accreditation tasks during each of phase of SDLC. Serves as point of escalation for security issues and risks that may arise. Has a broad knowledge in areas of Security such as Cloud Computing, Application, IAM, Infrastructure, and Risk. CANDIDATE PROFILE Education and Experience Required: • Bachelor's or master's degree in computer science, information systems, cybersecurity or a related field or equivalent experience/certification. • 8+ years of Information Security experience in conducting security reviews and accreditation. • Experience in developing Enterprise Security Strategies. • Experience in reviewing and developing Security Architectures and identifying security risks/gaps • Ability to conduct independent research • Direct management of cross functional, sourced, or matrixes teams • The security architect should have direct, documented, and verifiable experience with the following: o Experience in using architecture methodologies such as SABSA, Zachman and/or TOGAF. o Strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology. o Experience securing CI/CD pipelines. o Documented experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services. o Experience designing the deployment of applications and infrastructure into public cloud services. o Direct experience designing Identity and Access Management (IAM) architecture o Strong working knowledge of IAM technologies and practices: Virtual Directory Services Identity Governance Privileged Access Management PKI Password less Authentication Cloud Identity (AWS IAM) o Full-stack knowledge of IT infrastructure: o Applications o Databases o Operating systems - Windows, Unix and Linux • Strong working knowledge of IT service management (e.g., ITIL-related disciplines): o Change management o Configuration management o Asset management o Incident management o Problem management Preferred: • Direct, hands-on experience or strong working knowledge of managing security infrastructure - e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology. • Current information security certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), ISACA's CISA, The Open Group's TOGAF, SANS' GAIC • Knowledge of Industry Standards such as NIST Cybersecurity Framework (CSF), PCI-DSS, COBIT, CSA, MITRE ATT&CK & CAPAC, STRIDE, CIS Benchmarks etc. • Proven ability to provide Security Requirements for areas including but not limited to; Cloud Computing, Application Development, IAM and Infrastructure. • Knowledge of securing technologies such as but not limited to; SaaS services (ie. O365, Salesforce), Application Design, Container Platforms (ie. Docker, Kubernetes), Serverless, Big Data, Network, Operating Systems, Identity and Access Management. • Knowledge of SDLC (Waterfall/Agile), DevSecOps and good understanding of ITIL v3 Framework • Proficient in performing quantitative risk management analysis • Using ServiceNow to track activities, tasks, approvals, etc. • Strong negotiating, influencing and problem resolution skills • Proven ability to effectively prioritize and execute tasks in a high-pressure environment • Experience in business systems and process planning • Knowledge of business environment, service requirements and hospitality culture • Ability to translate information security objectives into mutually beneficial business strategies for the client organizations • Demonstrated ability to assess customer/client needs, creatively approach solutions, decide and influence appropriate courses of action • Graduate/post graduate degree in cyber security CORE WORK ACTIVITIES Standards & Business Partnership • Oversees, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organizations information assurance, security, and privacy requirements. Ensures appropriate treatment of risk, compliance, and assurance of internal policies and external regulations. • Defines strategy and roadmap, provides guidance, creates standards and guidelines, and reviews and approves architectural designs. Ensures standards and guidelines incorporate legal and regulatory requirements. • Conducts security and privacy technology research and assessments and integration processes; provides and supports a prototype capability and/or evaluates its utility. • Consults with customers to gather and evaluate functional requirements and provides security and privacy requirements, guidelines, and standards. • Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develops and/or recommends and operationalizes appropriate mitigation countermeasures. • Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain. • Advocates policy changes and makes a case on behalf of the company via a wide range of written and oral work products. • Applies knowledge of priorities to define an entity direction, determine how to allocate resources, and identify programs or infrastructure that are required to achieve desired goals within domain of interest. Develops policy or advocates for changes in policy that will support new initiatives or required changes/enhancements. • Oversees the information assurance (IA) program of an information system in or outside the network environment; may include procurement duties. • Manages and measures information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, risk management, security awareness, and other resources. MANAGEMENT COMPETENCIES Leadership • Communication - Conveys information and ideas to others in a convincing and engaging manner through a variety of methods. • Leading Through Vision and Values - Keeps the organization's vision and values at the forefront of employee decision making and action. • Managing Change - Initiates and/or manages the change process and energizes it on an ongoing basis, taking steps to remove barriers or accelerate its pace; serves as role model for how to handle change by maintaining composure and performance level under pressure or when experiencing challenges. • Problem Solving and Decision Making - Identifies and understands issues, problems, and opportunities; obtains and compares information from different sources to draw conclusions, develops and evaluates alternatives and solutions, solves problems, and chooses a course of action. • Professional Demeanor - Exhibits behavioral styles that convey confidence and command respect from others; makes a good first impression and represents the company in alignment with its values. • Strategy Development - Develops business plans by exploring and systematically evaluating opportunities with the greatest potential for producing positive results; ensures successful preparation and execution of business plans through effective planning, organizing, and on-going evaluation processes. Managing Execution • Building a Successful Team - Uses an effective interpersonal style to build a cohesive team; inspires and sustains team cohesion and engagement by focusing the team on its mission and importance to the organization. • Strategy Execution - Ensures successful execution across of business plans designed to maximize customer satisfaction, profitability, and market share through effective planning, organizing, and on-going evaluation processes. • Driving for Results - Sets high standards of performance for self and/or others; assumes responsibility for work objectives; initiates, focuses, and monitors the efforts of self and/or others toward the accomplishment goals; proactively takes action and goes beyond what is required. Building Relationships • Customer Relationships - Develops and sustains relationships based on an understanding of customer/stakeholder needs and actions consistent with the company's service standards. • Global Mindset - Supports employees and business partners with diverse styles, abilities, motivations, and/or cultural perspectives; utilizes differences to drive innovation, engagement and enhance business results; and ensures employees are given the opportunity to contribute to their full potential. • Strategic Partnerships - Develops collaborative relationships with fellow employees and business partners by making them feel valued, appreciated, and included; explores partnership opportunities with other people in and outside the organization; influences and leverages corporate and continental shared services and/or discipline leaders (e.g., HR, Sales & Marketing, Finance, Revenue Management) to achieve objectives; maintains effective external relations with government and business

  • Apply Now
The post Security Architect (IAM) appeared first on TSR Consulting Services.

  • ID: #23705962
  • State: Maryland Bethesda 20817 Bethesda USA
  • City: Bethesda
  • Salary: USD TBD TBD
  • Job type: Contract
  • Showed: 2021-12-01
  • Deadline: 2022-01-29
  • Category: Security