The Nature Conservancy

Principal Information Security Architect

The Nature Conservancy, Washington, District of Columbia, US, 20022


The Principal Information Security Architect is a member of the Information Security Risk Management Team and establishes, maintains, and facilitates the implementation of security standards, baselines, and security best practices within TNC's information technology environment. This role will also work alongside the Enterprise Architecture function, IT Operations, and DevOps teams to design the security aspects of IT systems as part of IT-led project teams and will conduct project-level security design reviews, working closely with members of Information Security's Red Team, to identify infrastructure security risks during system design and implementation and to recommend mitigations. A significant focus for the position will be on public cloud provider-related security standards and this role will work in close partnership with the Cloud Center of Excellence function to provide that expertise.

We're Looking For You:

- Experience in design review of application, networking, and cloud-based infrastructure from a security context.
- Experience creating, implementing, and refining security policies.
- Experience establishing and maintaining security baselines, patterns, and best practices with a varied set of technologies including server, application, networking, endpoint, and public cloud infrastructure.
- Experience with endpoint configuration management tools and endpoint baseline management.
- Ability to use an evidence-based approach to security design and risk management.
- Experience with using architectural diagramming concepts and tools.
- Understanding of information security risk management concepts.
- Understanding of core cloud solution components (e.g., service, compute, storage, and network) with a specialty in security, networking, and data access, and general knowledge of cloud developer capabilities.
- Knowledge of software and product development lifecycle practices.
- Experience working across teams with technical and non-technical staff.
- Ability to communicate complex concepts to a variety of audiences and build consensus on a path forward.

What You'll Bring:

- Bachelor's degree in a relevant technical discipline or equivalent technical experience.
- 6 years' experience as a business professional in IT or related field.
- Experience in analyzing, defining, and documenting complex systems requirements.
- Experience in communicating effectively with internal and external audiences.
- Experience with system life cycle and project management principles, best practices, and concepts.
- Experience configuring, operating, or auditing Public Cloud technology including AWS or Microsoft/Azure offerings for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS).

Desired Qualifications:

- Experience with security controls standards such as NIST 800-53, ISO 27001, Cloud Security Alliance Cloud Controls Matrix, Center for Internet Security Critical Security Controls.
- CI/CD software systems knowledge.
- Experience with Agile tools and concepts.
- Certifications such as GSEC, GDSA, Associate of (ISC)2, Microsoft MCA, AWS Certified Security Specialty.