Information Security Architect - United States
- Our company is a leading global provider of products, services and solutions for the diagnostics, food, environmental, industrial, life sciences research and laboratory services markets.
- For example, our company supports the potentially life-saving screening of nearly 40 million newborn babies each year and manages hundreds of thousands of scientific instruments within our lab services business One-source.
- Our strategy is to develop and deliver innovative products, services and solutions in high-growth markets that utilize our knowledge and expertise to address customers’ critical needs and drive scientific breakthroughs.
- To execute on our strategy and accelerate revenue growth, we focus on broadening our offerings through both the acquisition of innovative technology and investment in research and development.
- Our company is optimizing their enterprise IT operations while transforming their business model and needs an experienced, forward-thinking security leader to become their next Information Security Architect.
- The new IS Architect will be responsible for several aspects of the Information Security Program execution, including security policy review, designing, implementing, and maintaining an effective security architecture, reviewing and approving IT and business plans to securely implement technology, and other related activities that help advance the security transformation of the enterprise IT program.
- As our company brings new security functionality to their lab equipment and lab services businesses, the IS Architect will review and approve the security aspects of these products and services. The IS Architect is responsible to the CISO.
Role and Responsibilities:
The Information Security Architect is expected to:
- (Architecture) Develop and institutionalize security architecture(s) for our company's Enterprise IT, Business Products and Services, and Manufacturing activities.
- Establish standard architectural and technical capabilities for: applications, Operating Systems, data in motion and at rest; design maintainable security solutions, including cloud services, access administration, cryptographic infrastructures, data leakage and information protection as well as COTS hardware and software, while adhering to industry standards and frameworks.
- Work with the Information Security team on the placement and configuration of key monitoring and prevention tools.
- Determine security requirements by evaluating business strategies and requirements, research information security standards, conduct system security and vulnerability analyses and risk assessments, study reference architectures and platforms, and identify integration issues.
- Assess security threats and vulnerabilities using structured methodologies such as the NIST Cybersecurity Framework or ISO 27001.
- Prepare and maintain security operating procedures and associated documentation.
- Prepare system security reports by collecting, analyzing, and summarizing data and trends, and present this reporting for management review.
- Improve processes by identifying inefficiencies and solutions for process improvements.
- Enhance the reputation of the department and organization by accepting ownership for accomplishing new and different requests, and by exploring opportunities to add value to business strategies and objectives.
- Ensure systems meet our company and other applicable security requirements.
- Write clear guidelines for the implementation engineers, then confirm that the designed security measures have been implemented per the requirements.
- Enhance existing architectural design and competence by planning delivery of solutions, answering technical and procedural questions for less experienced team members, teaching improved processes, and mentoring team members.
- Possess a wide breadth of knowledge across security products, tools, and industry trends, coupled with an ability to create solutions using a pragmatic, risk-based approach.
- Regularly update their knowledge and expertise by tracking and understanding emerging security practices and standards, participating in industry educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations such as the NH-ISAC, ISO, or SANS.
Knowledge, Skills, Abilities, and Other Characteristics
- Strong knowledge of information security principles and practices.
- Strong knowledge of cloud technologies and architectures, particularly IaaS, PaaS and SaaS.
- Strong ability to act as an “internal consultant”, to assist the Operations and Business units with understanding and applying Cyber security principles while also helping drive the organization’s security priorities into these areas.
- Clear ability to communicate persuasively with senior executives up to C-level.
- Ability to help prepare and justify an information security budget.
- Solid understanding of TCP/IP and networking concepts.
- Solid understanding of Operating System security concepts.
- Solid understanding of malware, emerging threats, attacks, and vulnerability management.
- Strong track record of effective project management and project delivery.
- Strong deductive reasoning, critical thinking, problem solving, and task prioritization skills.
- Strong service mentality including the resolution of stakeholder escalations and incident management.
- Strong team player who collaborates well with others to solve problems.
- Strong interpersonal, problem solving, and communication skills.
- Ability to work in a virtual team environment.
- Ability to develop detailed process and procedure documentation.
- Ability to present complex solutions and methods to both technical and non-technical stakeholders.
- Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
- At least 8-10 years of experience in information security or related technology experience required, experience in the health and life sciences industry is a plus.
- 1-2 years of experience managing people, and ability to take on the management of a team as the function matures.
- A CISSP, GIAC, or equivalent certification.
- Knowledge of ITIL or another ITSM methodology or certification is a plus.
- Previous experience as a Security Architect, internal Security Consultant, or related capability in a related corporate environment.
- An advanced degree (Master’s or Doctorate) in Information Security is preferred.