Security Architect

Location: Saint Paul, MN

Job Description:
Client s seeking a resource to conduct comprehensive audits of data systems including its infrastructure, policies and procedures, to assure:

• all data meets or exceeds federal Criminal Justice Information Services (CJIS) security guidelines;
• are Payment Card Industry (PCI) compliant; and
• meet or exceed current "best practices" regarding driver's license and motor vehicle data security; and to serve as a Local Agency Security Officer (LASO)

Responsibilities:

• Assist with evaluation of architecture interfacing with other state/federal/local systems.
• Assist with assessing the security of any equipment needed.
• Assist with the evaluation of data integrity and data security.
• Assist with ensuring all background check compliance is met for all project team members.
• Assist with creating procedures to ensure the proper access rights are granted.
• Assist in building User Acceptance Testing (UAT) scenarios to ensure security requirements are properly tested and documented.
• Assist with architecture reviews of all environments.
• Assist with the evaluation and testing of disaster recovery plans.
• Assist with the development of change management processes and procedure projects.
• Provide written documentation and recommendations.
• Review agency network diagrams and access control lists (ACL) for compliance with CJIS Security Policy and CJDN Security Policy.
• Audit identity and access management to assure they are properly managed and maintained for all systems utilized to access driver's license and motor vehicle registration data; and recommend remedial action when required.
• Audit the driver's license and motor vehicle systems for PCI compliance; and recommend remedial action when required.
• Work with agencies and other government entities to ensure driver and vehicle data is accessible for utilization for mission critical functions while maintaining all security requirements.
• Analyze security needs for all projects, systems, and systems that interface with
• Transition and train new security staff for duties including:
• Deputy Registrar Security
• Identity Access Management (IAM)
• PCI Compliance
• Policy Auditing

Securities duties will include:

• Deputy Registrar Security
• IAM
• PCI Compliance
• Policy Auditing
• Physical Security of Facilities
• Fraud and Investigations
• ADLMV Management
• Technical Review/Architect

The LASO duties will include:

• Identify who is using the CSA approved hardware, software, and firmware and ensure no unauthorized individuals or processes have access to the same.
• Identify and document how the equipment is connected to the state system.
• Ensure that personnel security screening procedures are being followed as stated in FBI CJIS Security Policy and the JIS 5002 policy
• Ensure the approved and appropriate security measures are in place and working as expected.
• Support policy compliance and ensure the CSA ISO is promptly informed of security incidents.
• Conduct an annual audit of CJIS compliance and track remediation efforts on any items found
• Maintaining CJIS compliant network architecture
• Properly vetting all individuals with access to DVS physical and logical resources through the access control systems and best IAM practices
• Properly vetting all software and hardware vendors for CJIS compliance
• Working closely with client to utilize enterprise resources when possible and involving client on all technical projects
• Active involvement in all data access requests that may contain CJI to ensure CJI is protected accordingly
• Work through vendor agreements to ensure all security requirements are met or exceeded
• Reviewing client scans of DVS resources and monitoring identified vulnerabilities and remediation efforts.

Required Skills:

• Six (6) years' experience in a security architect or engineer role.
• Three (3) years' experience in network engineering, including firewall management.
• Four (4) or more engagements, within the last ten (10) years, in a security architect or engineer role where the engagement was longer than three months each.
• Three (3) years' experience in CJIS and RealID security environment.
• Three (3) years' experience in and documented IT Security in law enforcement background.
• Experience with the design and implementation of information systems, in organizations with more than 50 people, with an emphasis on data, network, and infrastructure security.
• CJIS Certification completed and up-to-date.