Overall Objective and Purpose

Responsible for providing consultative, technical research and analytical support in one of the following areas of information security:

• Assessments for site related effort, either jurisdiction or enterprise locations
• Trends, standards, best practices, concepts and solutions
• Product design, selection, configuration, hardening, optimization, and maintenance
• The information security architect partners with stakeholders across the organization to securely achieve the functional and non-functional requirements of business initiatives.

Responsibilities

• Assists Manager in providing for the safekeeping and integrity of enterprise assets by maintaining systems and controls that prevent unauthorized access, modification, disclosure, and/or deletion of information from production systems networks and resources.
• Understands the ISMS policy and procedures and is able to use that knowledge to provide insight when assessing and configuring security tools.
• Advises Manager of changes in technical, legal and regulatory arenas affecting information security and computer crime.
• Provides advocacy during the design and development of network security focusing on firewalls, Intrusion Detection Systems, Digital Signatures, Certificate Authorities, PKI’s, encryption schemas, routers, and centralized authentication and access control software.
• Provides security alerts on hardware/software as they become available.
• Monitors and alerts on changes in hardware, software, telecommunications, facilities, and user requirements for enterprise to ensure that security is not compromised or degraded.
• Supports audit activity associated with enterprise tool compliance management
• Leads the design & establishment of the Information Security Management System
• Leads maintenance and assessment of ISMS as pertains to enterprise.
• Serves as a security technical analyst and advisor on company initiatives to evaluate new technology resources for program compliance by effectively testing solutions using industry standard evaluation criteria, which includes the delivery of formal papers and technical reports on test results and findings.
• Participate in solution architecture design; lead security efforts assisting with the integration and initial implementation of solutions.
• Serve as an information security subject-matter expert; provide advisory and consulting services as needed.
• Stay abreast of new security technologies and integrate them into the security architecture design where appropriate.

Scope

• Complexity: Functions Responsible for or Influenced
  • High – Influence on Information Security across the organization
• Diversity: Locations Responsible for or Influenced
  • High - Influence on enterprise
• Typical Job Problems and Difficulties
  • Ensuring the security of the company’s security policy across multiple sites, platforms and customers
• Financial Accountability

General

• Extent decisions governed by procedures or referred up
  • Low - some actions are dictated by policy / procedure or complex issues must be escalated to management for resolution
• Standard requirements for research and analysis
  • Provides security architecture research and analysis in a liaison capacity to all areas of technology development & infrastructure within any Systems Solutions & Delivery organization.
• Opportunity and consequence of typical errors (supervision)
  • Frequent with high impact – systems are used globally
• Frequency and complexity of internal business contacts
  • Frequent with high complexity – deal with business issues on a daily basis
• Frequency and complexity of external business contacts
  • Networking with agencies and CSIRTs outside the organization to stay abreast of threats and countermeasures.
• Physical (% time: travel, operating machinery, environmental etc.)

Education

• Minimum education
  • Bachelor's degree or equivalent experience.
  • Bachelor's degree in computer science, MIS, or related field preferred
• Years Experience
  • 5 years experience in information security
  • Expert-level knowledge of security architecture principles, frameworks (e.g., TOGAF) technologies.

• Essential special training requirements
  • CISSP certification desired, SANS - GIAC certification is a plus.
  • Proven and demonstrated accomplishments in the Information Security field. Member of various Information Security Organizations (i.e., ISSA, SANS, ISC2, ESF, etc.) preferred.

Other skills

• Excellent verbal and written communication skills.
• Must have excellent project management skills, including the ability to plan, organize, & prioritize multiple projects to ensure target dates & goals are achieved.
• Experience with Networking Security,; practical experience with firewalls; perimeter protection, virtual private networks (VPN); intrusion detection in depth; advanced incident handling and forensics practices.
• Working knowledge of graphic applications used for flow-charting and infrastructure depiction such as Visio and demonstrated ability to produce high quality documentation.

Keys to Success

• Building collaborative relationships
• Decision making
• Drive results
• Foster innovation
• Personal energy
• Self-leadership

#LI-DAK