Crescens

Information Security Architect

Crescens, Wilmington, North Carolina, United States, 28412

Title: Information Security Architect
Location: Remote
Duration: 12+ Months
Type: Contract

Note: The candidate will be allowed to work remotely until all staff may be required to return to site. At that point the candidate may be required to come onsite. The candidate will need to come onsite the first day to collect equipment. Do you accept this requirement?

Job Overview:

The client requires a senior information security architect specializing in industry standard security, risk, and compliance frameworks to develop security program documentation and policy.

Key Responsibilities:

- Develop, update, and maintain ISO security policies, standards, procedures, and documentation.
- Provide subject matter expertise on information security governance and compliance frameworks (e.g., NIST, ISO, PCI-DSS, HIPAA).
- Lead security assessments and audits for enterprise IT and cloud-based infrastructure (AWS, Azure).
- Drive incident response planning, risk management, and mitigation strategies.
- Support PCI-DSS assessments and reporting, ensuring merchant-level compliance (L1/L2).
- Collaborate with cross-functional teams on architectural design and policy enforcement.
- Perform security gap analyses using frameworks such as NIST CSF, ISO 27001, and NIST 800-53.
- Provide consultation on IT and security solutions, particularly within the transportation or DMV sector.

Required Skills & Experience:

- 5+ years of experience in enterprise information security roles.
- Hands-on expertise with:
  - Security technologies (Firewalls, IDS/IPS, SIEMs, Antivirus, Traffic Analyzers).
  - Network security, cryptography, access control, and data protection.
  - Data classification and enforcement.
  - Cloud security design (AWS and/or Azure).
  - Regulatory compliance knowledge (NIST, ISO, FISMA, PCI-DSS, HIPAA, IRS-1075).
- Experience in:
  - Risk assessments using ISO/NIST frameworks.
  - Developing/leading incident response plans.
  - Supporting audits and providing compliance documentation.
  - Enterprise-class data center environments.

Desired Qualifications:

- Experience as a PCI-DSS QSA or ISA.
- Experience with PCI-DSS 3.2+ assessments for L1/L2 merchants.
- Specific experience with:
  - IBM QRadar SIEM (Highly Desired - 2 years).
  - Tenable Nessus.
  - Client Cyber Security Evaluation Tool (CSET).
  - North Carolina DIT Statewide Information Security Manual.
  - NC DIT Privacy Threshold Analysis (PTA) and Vendor Readiness Assessment Report (VRAR).
- Consulting experience with state/federal agencies or Departments of Transportation.
- Familiarity with SABSA or TOGAF frameworks and methodologies.

Certifications (Nice to Have):

- CISSP - Certified Information Systems Security Professional
- ITIL Certification
- SABSA or TOGAF Certification