Cyber Security Architect

Job Requirement-

Qualification: (Summary)

• Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, Engineering, or equivalent experience

• 8 years of cybersecurity or IT experience with strong enterprise architecture exposure

• Demonstrated expertise across IAM/IGA, PAM, DLP, Application Security, and PKI

• Strong communication, documentation, and strategic planning skills

Licenses/Certifications

Required: From the list of certification vendors, 3 related Information Security professional certification or ability to obtain via self-study within one year of hire date (ex: (ISC)2, GIAC, ISACA, CompTIA, e-Council, etc.).

Required: ITIL v3 and three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).

Related Experience

Required: 8 years of related Cyber Security or IT experience (Information Systems Audit or Assessor role, Information Security role, systems management, systems administration, information systems security, system certification, risk analysis) with a focus on DLP and/or FIM solutions and security controls.

Required:

• ITIL v3 and three or more of the following or similar Information Security professional certifications (ex: ACE, CCE, CEH, CISA, CISM, CISSP, CRISC, EnCE, GCCC, GCDA, GCED, GCFA, GCFE, GCIA, GCIH, GCWN, GICSP, GMON, GNFA, GPEN, GPPA, GREM, GWAPT, GXPN, OSCP, SSCP).

Possess an expert level of knowledge in the discipline of cybersecurity as well as a high level of competency in architecture, methodologies, and best practices for IAM, Data Protection, and Application and Infrastructure Security concepts, strategies, standards, functions, capabilities, and technologies.

• A solid understanding of fundamental principles of cybersecurity, including threat landscape, vulnerabilities, and risk management.

• Significant high-level system/security engineering experience with broad knowledge across many technologies.

• Knowledge of systems security engineering (SSE) principles and practices.

• Knowledge of secure software deployment principles and practices.

• Knowledge of data classification tools and techniques.

• Knowledge of enterprise architecture (EA) reference models, frameworks, principles, and practices.

• Knowledge of the Open Systems Interconnect (OSI) reference model.

• Knowledge of configuration management tools and techniques.

• Knowledge of Confidentiality, Integrity, Availability, Authenticity, and Non-repudiation (CIAAN) principles and practices.

• Familiarity with relevant security standards and frameworks such as NIST Special Publication 800-53, ISO 27001, and others depending on the industry.

• Knowledge of applicable laws and regulations governing information security, privacy, and data protection.

• Understanding of information technology systems, network architecture, and common technologies to assess security controls effectively.

• Knowledge of security control frameworks and their implementation, including access controls, encryption, and incident response.

• Knowledge of advanced cybersecurity tools and platforms, such as SIEM, IDS/IPS, endpoint protection, and threat intelligence solutions, for effective risk analysis and mitigation.

• Ability to conduct comprehensive risk assessments, identifying and analyzing security risks to information systems.

• Technical skills to assess security controls, perform vulnerability assessments, and understand the technical aspects of security implementations.

• Strong communication skills to effectively convey assessment findings, risks, and recommendations to technical and non-technical stakeholders.

• Ability to create clear and detailed documentation, including assessment plans, reports, and recommendations.

• Critical thinking and problem-solving skills to analyze complex security issues and recommend appropriate solutions.

• Keen eye for detail to identify vulnerabilities, weaknesses, and discrepancies in security controls and documentation.

• Ability to adapt to evolving cybersecurity threats, technologies, and regulatory requirements.

• Ability to analyze complex datasets and identify trends and patterns that could indicate cybersecurity risks or vulnerabilities.

• Adherence to ethical standards and professionalism, as SCAs often have access to sensitive information and play a critical role in maintaining the integrity of security assessments.

• Collaboration with various stakeholders, including system owners, security teams, and management, to ensure a comprehensive understanding of the information system and its security controls.

• Commitment to continuous learning and staying updated on the latest.

WORKING CONDITIONS

Normal working condition with occasional weekend and overtime requirements, including on-call rotational support.