Type: Full Time
BUILD YOUR FUTURE…WHILE PROTECTING THEIRS.
You will be challenged. Rewarded. And valued for your unique experience, background and perspective.
Join a team where hard work pays off and original thinking is celebrated. As you build your future at Westfield, you will quickly learn that protecting our customers' future is at the heart of what we do. We deliver on our promise to help restore lives and rebuild businesses when the unexpected happens. Building relationships has been part of our culture since 1848. Be a part of a team that recognizes and appreciates those who take initiative, seek opportunity, and strive for innovation in a changing world.
Information Security Architect Job Summary
Salary: 123,942 - 142,533 - 161,124
Location: Westfield Center, OH or other remote locations around the United States
The Information Security Architect is responsible for information security systems architecture and/or data engineering. The Architect will focus on one of two areas in information security:
- Information System Architect - managing and participating in the solution identification, evaluation, selection, and implementation of security-related tools and services for IT projects and other initiatives.
- Data Security Architect - the administration and operational processes of multiple data security platforms including implementation, configuration, policies, monitoring, alerting and reporting.
The Architect collaborates with IT and business partners to ensure the successful planning, implementation, and maintenance of information security projects along with policies, standards and procedures.
Essential Functions (primary functions and/or reasons the job exists in order of importance)
- Responsible for information security systems architecture and/or data engineering.
- As assigned, responsible for managing and participating in the solution identification, evaluation, selection, and implementation of security-related tools, controls and services for IT projects, and other initiatives. Assists in the selection and integration of products and solutions that align with operational and architectural requirements. Analyzes commercial information security products and services and recommends solutions.
- As assigned, responsible for the administration of the data security platforms, their configuration, policies, and reporting. Operates the data security platforms and related technical security controls including: research, recommendations and implementation.
- Guides and coaches project team members in the identification, development, and completion of deliverables consistent with information security policy and standards. Responsible for ensuring that information security standards are understood and adhered to on projects, documentation is completed, and assignments are completed accurately and on time.
- Makes recommendations and assists in implementing changes to work processes and procedures to strengthen and improve company security measures. Provides security consulting and project management services on highly complex information security projects and issues.
- Facilitates meetings with cross-functional teams to establish the creation of current and future state information security models; analyzes impacts to current architectures, processes, and procedures; creates recommendations and proposals. Works with developers and IT Engineers during new product design to help ensure security best practices are implemented.
- Identifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the company's applications or infrastructure and recommends mitigating controls to reduce the company's risk.
- Remains current on security threats, emerging information security technology, and industry best practices and trends. Disseminates information security information throughout the company as needed to provide clarity and protect against security threats.
- Creates data security reports for individual and collective platforms and performs database vulnerability and penetration assessments, as assigned.
- Participates in architectural governance activities and processes, as needed.
- Provides information security contract requirements based on data classification and mission criticality.
- Works with the Database Administrators (DBA), System Administrator and User Administration staff in developing proper database access control methods and minimum security baselines.
- Provides subject-matter expertise and support to project teams as needed.
- Participates fully in change management across IT and IT infrastructure. Coordinates changes with other areas of the IT department as appropriate.
- May be assigned to participate on the Security Incident Response Team (SIRT) responding to incidents that may occur.
- Participates in disaster recovery tests including verifying scripts and performing mock disaster recoveries, as needed.
- Maintains working knowledge and understanding of information security, risk management, and regulatory compliance topics. Participates in professional industry groups, creates a network of key contacts, and researches topics to stay abreast of information security industry changes.
- Travels occasionally in order to participate in special assignments, training, and/or travel between office locations.
Desired Qualifications/Experience/Certification/Education (in order of importance)
- 6 or more years of IT security architecture, engineering, secure SDLC and/or database administration experience.
- Proficient in Web Application and Web Service Security.
- Experience with industry standards for federated identity, specifically OpenID Connect and SAML.
- Experience with OAuth 2.0 Authorization framework.
- Information security experience including experience and knowledge in one or more of the following areas:
  - Current information security techniques and technologies.
  - Relational Database Management Systems (RDBMS) software, technology, administration, and utility tools.
  - IT security architecture principles and best practices.
  - Data security governance and monitoring, data location and classification, and data access.
  - Secure SDLC, DevSecOps.
- Experience with methods used in performing risk analyses and assessments.
- Highly proficient computer and systems skills, with skills in scripting and basic programming gained through previous work experiences.
- Experience maintaining and updating documentation necessary for supporting security environments, including policies, standards, patterns, and reference architectures.
- Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.
- Experience evaluating performance and scheduling, planning, and organizing staff in problem-solving activities.
- Experience training, designing process solutions, and directly interacting with customers.
- Excellent project management, organizational, and prioritization skills with the ability to manage multiple activities/demands simultaneously and to recognize and address workload issues as needed.
- Working towards obtaining or have already obtained the following: Certified Information Systems Security Professional (CISSP) or other recognized security designation(s).
- Bachelor's degree or commensurate experience.
- Valid driver's license and a driving record that conforms to company standards.
Physical Requirements (specific to the role)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
- Ability to work effectively in an office environment for 40+ hours per week