The Information Security Architect leads efforts around risk analysis, architecture reviews, vulnerability knowledge and security reviews on Appriss systems. This role uses broad technical knowledge of current and emerging cyber threats, as well as security technologies and methods used to protect both corporate, cloud and customer-facing network infrastructures. This role provides expert guidance and oversight in assessing security infrastructure and network and systems design to ensure system/network security; identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives; provides expert oversight in the development, testing and operation of firewalls, routers, intrusion detection systems, cloud technology, anti-virus systems; conducts security architecture analysis to evaluate and mitigate issues; develops procedures for securing the in-house, cloud and customer infrastructure(s).
Duties and Responsibilities:
Define the security architecture direction for the business unit, including systems and network.
Develop and implement network security procedures and standards.
Perform or participate in internal and external audits to identify security issues, system vulnerability and risks, and lead the development and implementation of mitigation plans to ensure asset protection
Research, implement, support, and evaluate security-focused tools
Develop relationships and engage with industry partners, Security Information Exchanges, and other groups to assess industry advances in technical security technologies. Assess security industry trends and provide consultation, recommendations, and implementation advice on emerging technologies.
Consult with senior management and internal clients across multiple business units on complex security topics and policy interpretation.
Act as the technical escalation point for security incident investigations. Conduct appropriate investigations using network and forensic tools.
Mentor junior members of the team
Participate in security compliance efforts (e.g., ISO, SOC2, CJIS, HIPAA).
Evaluate and recommend new and emerging security products and technologies
Lead in security operations support and incident handling
Evangelize security within Company and be an advocate for customer trust
Minimum Requirements Education
Bachelor’s degree in a computer related field or equivalent experience.
Knowledge, Skills, Abilities, Experience, or Characteristics
3 years of system, network and/or application security experience with solid understanding of TCP/IP and routing protocols. Knowledge of LAN/WAN networking and security infrastructure (Firewalls, IDS/IPS, IPSec, VPNs).
3 years of experience in infrastructure or application-level vulnerability testing and auditing
Consistent implementation of security solutions at the business unit level
Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
Development experience in network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
Competency of information security governance best-practices
Competency of information security risks management practices
Experience with application-level attacks and counter-measures
Other
Travel will be involved for onsite reviews and relationship development at least twice per year, or more if technology changes are significant.