Job Description:
Position: Sr. Security Architect

Location: Kansas City

Duration: 3 months+




JOB DESCRIPTION

This position is responsible for establishing standards, best practices, and procedures that ensure our products, services, operations, computers, systems, networks, policies, procedures, and practices meet government, certification, and regulatory compliance requirements, and that the appropriate levels of Information Assurance and Information Security measures are in operation.



· Acts as security architect and consultant to Software Engineering, Information Technology, Cloud Operations, and Product Management groups, to plan, research, and design elements of security.

· Documents processes to facilitate more efficient engagement with, utilization of, and incorporation into the existing information security processes and capabilities.

· Assists in communication of various aspects of the information security programs to clients, prospects, auditors, and internal teams.

· Assesses technical designs, project plans, and proposed initiatives for security concerns; and works to ensure they are addressed with minimal business impact.

· Maintains, manages, and constantly improves the client’s architecture review processes.

· Documents and presents risks, issues, concerns, and findings to management in a manner suitable for client consumption.

· Is “on point” when a security expert is needed.

· Works with internal groups on the application of security best practices.

· Conducts and facilitates threat models with software engineers and trains others to do so.

· Delegates tasks to members of an assigned programming team to develop the modules necessary for the final security structure.

· Integrates and tests security structures to ensure systems and practices operate as intended.

· Responds to any incidents or problem reports related to security or information assurance.

· Performs a post-event analysis to determine and develop any necessary changes.

· Is passionate about privacy and security concerns within healthcare and industry.

· Continually updates job knowledge by studying industry changes in security standards, information management, development standards, methods, and emerging third-party security technologies in order to advise on security and leverage industry best practices in the design and construction of Client solutions and operations.



Required Experience:

· Minimum 6+ years of experience in Information Security in varied information security roles.

· 3+ years in software engineering, system administration, or network administration roles.

· Must have experience with HP Fortify.

· Must have a CISSP certification; ISSAP is preferred.

· Experience with building systems to comply with HIPAA, Meaningful Use, DEA EPCS, and other EHR regulations.

· Experience with building systems, policies, and procedures to comply with NIST Publication 800-53 and FISMA.

· Experience with building systems, policies, and procedures to comply with ISO 27001 and ISO 27002.

· Experience defining and building processes that maximize efficiency for participants and stakeholders.

· Proficient with network and communication protocol concepts.

· Proficient with system administration and engineering practices.

· Proficient with technology infrastructure management activities.

· Expertise in secure software development principles.

· Understanding of Agile, Scrum and/or Kanban, BDD and TDD.

· Expertise in risk management frameworks.

· Able to articulate risks and mitigations to technical, business, and executive audiences in verbal and written formats.

· Experience working within a geographically dispersed team.

· Experience writing documentation, including technical specifications, whitepapers, and internal documentation.

· Equally comfortable working with Windows, Mac, Linux, and Unix environments.

· Has participated in the technical design of features for future products.

· An ability to explain complex technical concepts to non-technical audiences and to provide training in the tools administered.

· A demonstrable ability to show continuous improvement in abilities, quantity of output and quality of deliverables.

· Excellent time management skills.

· Must be able to handle conflict, difficult situations, and urgent issues in a professional manner.



Education Required: BS in Computer Science, Computer Engineering, Computer Security or equivalent experience