Architect, Information Security
Information Technology
Dallas, Texas
Summary of Responsibilities:
The Architect – Information Security serves the company as an advisor on best practices and is responsible for designing and effectively implementing enterprise security strategies, architectures and solutions that guide IT security direction. They may assist the Principal Information Security Architect, who is accountable for the security architecture across a variety of applications or domains and assigned to projects/initiatives of large size, complexity and risk. The Architect – Information Security develops actionable security blueprints, principles, models, designs, standards and guidelines to ensure enterprise information technology architecture is consistent, usable, secure and adds value to the business. Interacts with vendors, IT and business area contacts to facilitate flexible, scalable, cost-effective and secure solutions. Also provides technical guidance and recommendations to other Information Security team members.
- Strategy & Architecture – Responsible for or assists with the design and implementation of security strategy, architecture and platforms. Evaluates strengths and flaws in Security Architecture designs including performance, confidentiality, integrity, availability, access and total cost of ownership. Accountable for adhering to enterprise architecture standards, ensuring security technology standards and best practices are maintained across the organization and contributing to enterprise architecture strategy-setting.
- Information Security Risk Management – Participates in information security risk management processes, program and strategy. Responsible for ensuring necessary security controls are part of technical designs. Participates in security governance processes.
- Process Improvement – Promotes implementation of new technology, solutions and methods to improve business processes, efficiency, effectiveness and value delivered to customers. Ensures operational, architectural and design documentation including procedures, task lists, and architecture blueprints.
- Project Participation – Participates on project teams contributing input with regard to security standards and the impact to technology. Assists with the assessment of project risk and complexity. Facilitates project handoffs including preparing documentation, educating and supporting to ensure smooth transitions.
- Due Diligence – Responsible for or assists with enterprise due-diligence activities including security monitoring and security metrics to evaluate effectiveness of the enterprise security program and established controls.
- Incident Response – May troubleshoot, recommend and execute action plans for issue resolution. May participate in investigation and report contribution of security threats and incidents. May assist in conducting post-event reviews of security incidents.
- Subject Matter Expert – Serves as security architecture subject matter expert to business areas, project teams and vendors to apply and execute appropriate use of technology solutions and lead efforts to examine technology vision, opportunities and challenges. Builds consensus around principles of security architecture and interprets and clarifies these principles. Participates in Information Security efforts across all business areas and client groups. Establishes and maintains relationships with IT and business area partners to evaluate designs and controls.
- Vendor/Tool Selection – Participates in the evaluation, selection and implementation of technology solutions including providing detailed analysis of pros and cons and build vs buy options. Selects and designs tools that allow reuse of design components and patterns between projects. Develops actual working solutions or prototypes based on their own designs and resolves any issues that arise.
- Security Trends – Continually works to enhance breadth and depth of knowledge and experience. Benchmarks technology strategies and architectures. Monitors and anticipates trends and investigates organizational objectives and needs. Provides guidance on security solutions and prepares benchmarking reports and presentations.
- Staff Development – Provides technical guidance to other IT and Information Security team members.
- Special projects as requested
- Performs other duties as assigned
- Ten (10) or more years of experience in multiple domains of Information Security
- Five (5) to seven (7) years of management or leadership experience
- Three (3) or more years of work experience as an Information Security Architect or Consultant working on progressively complex IT projects, preferably in financial services environments.
- Bachelor’s degree in an IT related field or equivalent work experience
- Expertise in Information Security procedures.
- Expertise in control frameworks and control objectives
- In-depth experience with common information management systems
- Experience and understanding of a variety of operating systems
- In-depth knowledge of development practices of security technologies
- Demonstrated experience with defense in depth, trust levels, privileges and permissions
- Demonstrated ability to understand overall IT strategy and apply/implement IT strategy in assigned projects/initiatives
- Advanced knowledge of and demonstrated experience applying current and emerging technology security solutions and trends including security and regulatory industry requirements
- Highly developed proficiency in creating architectural designs for complex and scalable designs
- Demonstrated effective decision-making skills related to implementing security architecture and design
Work Environment Characteristics:
- Highly adept at consulting, negotiating, communicating, consensus building, presentation and facilitation
- Demonstrated ability to learn from mistakes and apply constructive feedback to improve performance
- Highly adept at innovating and thinking beyond established standards and processes
- Demonstrated leadership skills through project or technical leadership experience
- In-depth business process knowledge of several key business functional areas
- Ability to communicate highly complex technical information clearly and articulately for all levels and audiences
- Large complex multi-national Financial Services industry related experience
- Information Security certifications (CISSP-ISSAP, CISSP-ISSEP, CISSP)
Major Challenges and Role Context:
- Fast paced environment requiring execution of multiple simultaneous deliverables.
- Indirect reporting structure with conflicting deliverables and timelines.
- Influence stakeholder compliance with regulatory standards while managing deadlines.
- Dallas based position (with limited telecommuting).
- Minimal travel required (<15%), Domestic
- Support 6500+ users across North America.
- Extended working hours may be required as dictated by management and business needs.
- Travel to multiple facilities may be required.
- May be required to lift, push, or pull materials weighing up to twenty (20) pounds.
- May be required to sit and review information on a computer screen for long periods of time.
- May require repetitive motions of the hands and wrist related to writing and typing at an electronic keyboard.
- Corporate / satellite office role.
This job description does not list all the duties of the job. You may be asked by your supervisors or managers to perform other duties. You will be evaluated in part based upon your performance of the tasks listed in this job description.
The employer has the right to revise this job description at any time. This job description is not a contract for employment, and either you or the employer may terminate employment at any time, for any reason.