Information Security Architect/IT Officer, Washington, DC
Our client is seeking an Information Security Architect/IT Officer for a direct hire opportunity in Washington, DC.
- International candidates are encouraged to apply.
- Client will sponsor employment through G4 Visa.
- Client will cover relocation.
Under the general supervision of the Chief Information Security Officer, the Information Security Architect/IT Officer will be the technical authority on information security architecture within the organization.
The Information Security Architect/IT Officer will be responsible for ensuring that the design of business solutions meets secure architecture principles and standards. She/he will be responsible for the continuous development of defensible architecture principles and patterns for a rapidly changing digital landscape that are aligned with the organization's information security risk tolerance and resilient against an evolving threat environment.
The Information Security Architect/IT Officer is expected to advise and influence business and technology decisions on the development and procurement of IT services and products.
- Supports the organization's strategic security architecture vision, including architecture standards and frameworks that are closely aligned with the organization's Business IT strategy.
- Works closely with the business, information risk, enterprise architecture, security technology, and operations teams to ensure business relevant and risk-based definition and application of security architecture standards.
- Coordinates with the organization's enterprise architect to define, publish and maintain the information security elements of the organization's enterprise architecture. These elements will guide IT development and engineering projects in achieving and ensuring confidentiality, integrity, and availability of organization information and systems.
- Ensures the organization's security reference architectures and frameworks are up-to-date, standards-based, relevant, and agile to meet evolving business needs for information security. Reference architectures cover, among others, identity and access management, service-oriented architectures, security logging, monitoring and reporting architectures, network segmentation, security policy, detection and policy enforcement controls, remote access architectures, endpoint strategies, federation, application security architectures, mobility, encryption, key management, secure integration architectures, and cloud security architectures.
- Reviews business and technology service and product architectures, identifies design gaps, and recommends security enhancements.
- Ensures compliance to the organization's security architecture standards through continuous measurement and reporting of compliance and effectiveness metrics to IT management.
- Contributes to the development and maintenance of the organization's information security strategy.
- Promotes continuous awareness and training of information security principles and their application with business and IT stakeholders. Identifies and mentors stakeholders to be champions in developing and maintaining secure architectures.
The candidate must have strong experience in the following areas:
- Defining, implementing and maintaining enterprise security architectures at organizations with regulatory compliance requirements, preferably in the financial, insurance or pharmaceutical industries.
- Business Analysis.
- Information Risk Management.
- Secure System Development.
- Enterprise Architecture Governance and Metrics.
- Enterprise security architecture training for business and IT stakeholders.
- Integration of security architecture standards into project management, service management, information risk, and SDLC frameworks.
- IT security in the areas of identity and access management, infrastructure, network, endpoints, applications, and database system technologies.
- Mobility, cloud and virtualization security architectures, including key management and encryption, are key competencies for this individual.
The candidate should also have the following skills:
- Passion for the field of information security and a commitment to continuous learning and development;
- Ability to quickly grasp modern technologies and how they might be applied to achieve business goals;
- Analytical skills that enable synthesis of inputs from many sources, and allow for strategic thinking and tactical implementation;
- Relationship management and interpersonal skills that create openness and trust among colleagues;
- Facilitation and conflict management skills that enable effective working relationships;
- Spoken and written communications that are compelling, convincing and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders;
- Be a pragmatic security expert with an inherent ability to balance security demands with business reality;
- Ability to think laterally and to have input to/propose detailed, complex solutions to technical issues;
- Personal drive, ownership and accountability to meet deadlines and achieve agreed-upon results; and to actively seek knowledge needed to complete tasks and share knowledge with others, communicating and presenting information in a clear and organized manner.
The candidate should also have familiarity and/or experience with:
- Development and communication of defense in depth enterprise security architecture policies, standards and reference architectures;
- Security architecture principles and models such as SABSA, Zachman, TOGAF, CAESARS; identity and access management technologies: RBAC, SSO, cloud SSO, and federation;
- Software development in Microsoft technologies, including .Net, Azure, Office 365, SharePoint, etc.
- Cryptography: data-at-rest and data-in-transit encryption mechanisms, key management, hardware security modules, key management lifecycle, hashing (SHA-1, SHA-2), cryptographic standards (AES, PGP, GPG), public key infrastructure, and certificate management;
- Protecting APIs: REST, SOAP, JMS, MQ, web services, microservices, API broker/gateway;
- Authentication and authorization technologies: multifactor, AD, Kerberos, LDAP, fine- and coarse-grained authorization, PKI, cryptographic techniques/algorithms, OAuth;
- Web services security: SAML, WS-Federation, WS-Security, SOA;
- Risk management and control frameworks including ISO 27003, ISO 31000, NIST SP 800-53, COSO, and COBIT; IT GRC tools.
- Threat modeling techniques;
- Infrastructure security: n-tier architectures, firewalls, intrusion detection/prevention tools, endpoint security, application whitelisting, network admission controls, policy detection and enforcement controls, web application firewalls, proxies, SOA firewalls, reverse proxies, server, software-defined networking (SDN) and network security controls (Windows/Linux/AIX), database security (SQL DB/Oracle/NoSQL);
- Cloud security: cloud service models (e.g., SaaS, PaaS, IaaS), public cloud environments (Microsoft Azure, Amazon Web Services, Force.com, Google Cloud Platform), cloud reference architectures and frameworks (ISO 17789, ISO 27017, ISO 27018), virtualization security (hypervisor, container, serverless), cloud data lifecycle, and Cloud Access Security Brokers (CASB); mobile security controls and threat management;
- Application security frameworks such as OWASP, BSIMM, OpenSAMM;
- Security monitoring: SIEM, ArcSight, Elastic Stack, and advanced correlation logic;
- Data management: big data, data analytics, and data warehousing.
- CISSP or SABSA (SCPA) certification is required.
- Additional certifications such as CISM, CISSP-ISSEP, CSSLP, CCSK, CCSP, or GSSP are preferred.
- A minimum of 6 years' experience as an enterprise information security architect delivering pragmatic defense-in-depth architecture that guides and secures solution/posture delivery.
- Advanced degree in Information Security and minimum 10 years’ progressive work experience in the field of information security.
- Only those individuals selected for an interview will be contacted.
- No calls, inquiries, or Third Party Vendors please.
- We are an equal opportunity employer (Unable to sponsor H1B Visas).
Since 1988, The ACI Group, a Baltimore-based IT staffing firm, has been committed to hiring the industry’s leading professionals, and presenting exciting career opportunities. We have access to varied types of contract, permanent and contract-to-perm positions and offer a choice of employment options including a full benefits package.