Job Description :
Job Title: Information Security Architect
Location: Mclean, VA
GC& US Citizen
W2 only
ONLY ACCEPTING DIRECT W2 APPLICANTS NON CORP-TO-CORP AT THIS TIME The
Information Security Architect is responsible for understanding and
evaluating complex business functions and processes, and identifying
associated risks, existing IT security infrastructure, IT development
methodologies, operational requirements and procedures and forming a set of
comprehensive and coherent plans to support and further the business in its
endeavors. Information Security Architecture is charged with working
closely with the Information Security, Enterprise Architecture, Engineering
and Operations groups to comprehend and recognize business, industry, and
technology variables (currently in place, planned, developing and emerging)
and setting the direction of the IT organization to support current and
future business models, strategies, and processes.
- Provide solutions architecture to various application development teams
on key initiatives.
- Define and document information security strategy and service solution
architectures that enable a secure Technology Services infrastructure in
support of business requirements at Client.
- Work collaboratively with enterprise architects to integrate security
service architecture into the Enterprise Application architecture.
- Validate architecture collaboratively with infrastructure and application
development project teams and senior management ensuring that corporate
security policy, standards and industry best practices are met.
- Specify solutions that address authentication, authorization (what
authorization model is required), auditing of critical security related
events, administration (provisioning of access rights, recertification of
access rights), confidentiality (both at rest and in transit), integrity,
and availability.
- Fully account for a mixture of in-house built and COTS (commercial
off-the-shelf) product scenarios, assess product capability to meet the
stated requirements and ability to comply with vetted Client security
patterns for implementation.
- Drive and track adoption of Information Security Architecture standard
patterns using a risk based approach.
- Identify information security risks associated with the solution, and
provide compensating mitigations where necessary.
- Identify any gaps in existing security infrastructure, work with Senior
Information Security Architects to identify roadmap solutions.
- Build effective relationships with key stakeholders who own and support
IT architecture, infrastructure, applications, processes and operations
throughout Client.
- Demonstrate work commitment and drive for results as part of a demanding
delivery schedule that serves multiple projects at once.
- Understanding of industry standards and best practices, keeping current
with financial industry trends and emerging technologies. Experience
Required:
- BA/BS degree in Computer Science, Information Systems or a related
technical field or equivalent combination of education and experience.
- 12+ years of IT experience, preferably in the financial services industry
- Minimum 6 years experience working in an enterprise architecture,
information security, information technology or information risk management
related field.
- Minimum 4 years experience in the specification of enterprise Information
Security Architectures with an understanding of infrastructure and
application security requirements and architecture.
- Demonstrated experience of entity data modeling, UML or any architecture
methodology applied with a Technology Services infrastructure scope.
- Demonstrated experience in defining security architecture solutions for
large, mission critical systems comprised of multi-tier web applications,
rich-client applications and batch processing (including ETL
- Demonstrated experience in identifying, monitoring and managing
information security risk for financial services organization or
organizations with similar information security needs and requirements.
- Demonstrated experience of participating in the SDLC process with
detailed knowledge of typical security requirements and solutions for
mission critical applications and infrastructure.
- Understanding of datacenter and cloud security best practices
- Understanding of network security architecture best practices
- Understanding of server security architecture best practices
- Understanding of data security architecture best practices
- Understanding of application security best practices
- Understanding of endpoint (desktop, laptop) best practices
- Understanding of mobile device security best practices
- Ability to work independently and within groups. Must be self-motivated
and able to work independently with minimal supervision.
- Ability to work well under pressure and to meet tight deadlines.
Demonstrate a high level of motivation, confidence, integrity and
responsibility.
- Possess excellent written and verbal communication skills, presentation,
and problem solving skills and be able to interact well with peers and
internal customers.
Desirable: - CISSP, CISA Candidate resumes must reflect ability of
candidate to fulfill responsibilities commensurate with position
responsibilities and required experience as stated above. During interview,
candidate will be expected to articulate their background in these areas
and answer questions in a manner that indicates ability to work on mission
critical projects with enterprise scope and impact.
*