eTeam
Job Title: Information Security Architect
Job Location: Remote
Job Duration: 6+ months
Required Experience Security Program Development:
nalyze the current state of the Division's security program and design future states, creating a roadmap for implementation. Develop a business case and key performance indicators (KPIs) and socialize the security program within the Division. Security Policy Management: ssess, manage, and improve security policies and procedures to align with industry best practices and organizational objectives. dvise on security decisions and direction based on the Division's vision and mission. Collaboration and Strategy Development: Collaborate with other Division Architects and the Security Operations Manager to develop global security strategies based on industry best practices. dvise on security decisions and direction based on a deep understanding of the Division's vision and mission. Security Architecture Development:
Develop and maintain a security architecture process aligned with business and technology drivers. Create security strategy plans and roadmaps based on enterprise architecture practices. Security Standards and Procedures:
Draft security procedures and standards for executive management approval or authorization by the Cabinet CISO. Determine baseline security configuration standards for operating systems, network segmentation, and identity and access management. Risk Assessment and Response:
Perform risk assessments, advise on risk response strategies, and identify security issues from system integration. Conduct or facilitate threat modeling of services and applications to mitigate associated risks. Collaboration and Coordination:
Coordinate with DevOps teams to advocate secure coding practices and escalate concerns about poor coding practices. Liaise with privacy and compliance officers to document data flows of sensitive information and recommend appropriate controls. Security Operations Support:
Support internal security controls testing and validation as directed by the CISO or internal audit team. Review security technologies, tools, and services and recommend their use based on security metrics. Security Infrastructure Implementation:
Evaluate, select, and implement security technologies, tools, and solutions to enhance the organization's security posture. Configure and deploy security infrastructure components such as firewalls, intrusion detection/prevention systems, endpoint protection, encryption, and authentication mechanisms. Incident Response and Forensics:
Develop incident response plans and procedures to mitigate security incidents effectively. Conduct post-incident analysis and forensic investigations to identify root causes and prevent future occurrences. Security Awareness and Training:
Develop and deliver security awareness training programs to educate employees on security risks and best practices. Provide ongoing support and guidance to staff regarding security-related inquiries and concerns Understanding information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, COBIT NIST, and ITIL. Maintaining security, assessing and evaluating security, and doing security incident forensic work. Knowledge of vendors and their products, including: Experience with Government agencies, particularly the Department of Defense (DoD), on information security matters. Experience with Government Classified systems and the associated security requirements. Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations. Proficiency in Microsoft Office Suite (Word, Excel, Outlook, etc. Innovative and creative mindset Basic network security knowledge (general principles) Excellent documentation and communication skills. bility to organize tasks into milestones and successfully execute to project completion. Can work independently with little direct supervision. General cyber-security understanding Preferred Education & Experience: Bachelor's degree in computer science, Information Security, or related field; advanced degree preferred. Proven experience (5+ years) in information security architecture, design, and implementation. Candidates with one or more of the following certifications are a plus: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), or other relevant certifications preferred.
Required Experience Security Program Development:
nalyze the current state of the Division's security program and design future states, creating a roadmap for implementation. Develop a business case and key performance indicators (KPIs) and socialize the security program within the Division. Security Policy Management: ssess, manage, and improve security policies and procedures to align with industry best practices and organizational objectives. dvise on security decisions and direction based on the Division's vision and mission. Collaboration and Strategy Development: Collaborate with other Division Architects and the Security Operations Manager to develop global security strategies based on industry best practices. dvise on security decisions and direction based on a deep understanding of the Division's vision and mission. Security Architecture Development:
Develop and maintain a security architecture process aligned with business and technology drivers. Create security strategy plans and roadmaps based on enterprise architecture practices. Security Standards and Procedures:
Draft security procedures and standards for executive management approval or authorization by the Cabinet CISO. Determine baseline security configuration standards for operating systems, network segmentation, and identity and access management. Risk Assessment and Response:
Perform risk assessments, advise on risk response strategies, and identify security issues from system integration. Conduct or facilitate threat modeling of services and applications to mitigate associated risks. Collaboration and Coordination:
Coordinate with DevOps teams to advocate secure coding practices and escalate concerns about poor coding practices. Liaise with privacy and compliance officers to document data flows of sensitive information and recommend appropriate controls. Security Operations Support:
Support internal security controls testing and validation as directed by the CISO or internal audit team. Review security technologies, tools, and services and recommend their use based on security metrics. Security Infrastructure Implementation:
Evaluate, select, and implement security technologies, tools, and solutions to enhance the organization's security posture. Configure and deploy security infrastructure components such as firewalls, intrusion detection/prevention systems, endpoint protection, encryption, and authentication mechanisms. Incident Response and Forensics:
Develop incident response plans and procedures to mitigate security incidents effectively. Conduct post-incident analysis and forensic investigations to identify root causes and prevent future occurrences. Security Awareness and Training:
Develop and deliver security awareness training programs to educate employees on security risks and best practices. Provide ongoing support and guidance to staff regarding security-related inquiries and concerns Understanding information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, COBIT NIST, and ITIL. Maintaining security, assessing and evaluating security, and doing security incident forensic work. Knowledge of vendors and their products, including: Experience with Government agencies, particularly the Department of Defense (DoD), on information security matters. Experience with Government Classified systems and the associated security requirements. Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations. Proficiency in Microsoft Office Suite (Word, Excel, Outlook, etc. Innovative and creative mindset Basic network security knowledge (general principles) Excellent documentation and communication skills. bility to organize tasks into milestones and successfully execute to project completion. Can work independently with little direct supervision. General cyber-security understanding Preferred Education & Experience: Bachelor's degree in computer science, Information Security, or related field; advanced degree preferred. Proven experience (5+ years) in information security architecture, design, and implementation. Candidates with one or more of the following certifications are a plus: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), or other relevant certifications preferred.