Information Security Architect
Lake Forest, IL 60045
Information Security Architect (00001XOD)
The Security Architect will collaborate with partners to enable trusted innovation by embedding information security into the enterprise, improving application and systems security, and supporting efforts to minimize the risk of coding, design, or configuration security vulnerabilities working their way into production environments or presenting a potential point of compromise.
- Demonstrate understanding of the following standards: ISO 27001/27002, COBIT, ITIL, NIST
- Demonstrate understanding of regulatory requirements: PCI-DSS, HIPAA/HITECH, SOX and GDPR
- Define security requirements by evaluating business strategies, corporate policies, standards and technology best practices
- Evaluate and implement security controls as related to all solutions (Legacy and Cloud based services including SaaS, PaaS, IaaS)
- Understand layered security model, network security zones and data flows with each solution
- Understand application of security controls: Authentication and Authorization, Encryption, Access Control, Logging and Monitoring, etc.
- Understand Web Application Vulnerability Detection, OWASP Top 10 and SANS CWE/25
- Review solution and software architecture designs to assess risk to data assets
- Demonstrate deep analytical and problem-solving skills across breadth of technologies
- Facilitate static code analysis, dynamic and/or manual security testing utilizing established process and tools
- Provide consulting services and security support to internal business and technical customers
- Review circumstances surrounding security gaps, provide recommendations on corrective actions and define risk to the business information assets
- Validate implementation and test effectiveness of control techniques
- Communicate effectively both orally and in writing
- Articulate security risk and business impact as it relates to security requirements
- Demonstrate strong consultative skills and professionalism
- Interface effectively with technical and non-technical leaders
- Practice good interpersonal and stakeholder management skills
- Understand Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.
- Maintain in-depth knowledge of security issues, techniques and implications across all existing computer platforms.
- Understand current trends in cybersecurity threats
- Evaluate reported breaches for relevancy to ABC's business
- Pay attention to details and record keeping
- Prioritize workload, track milestone dates and consistently meet deadlines
- Practice strong organizational skills with work queue
- Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience.
- Typically requires 5 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and experience designing and deploying security solutions at the enterprise level.
Equal Opportunity Employer/Minority/Female/Disability/Veteran