Remote - Enterprise Security Architect

Remote - Enterprise Security Architect

Vacancy expired!

Our great client in Milwaukee, WI has an immediate REMOTE opening for a Enterprise Security Architect. If you are interested please apply with resume to .

PURPOSE

The enterprise architect for security plays an integral role in defining and assessing the organization's security strategy, architecture, planning, and practices. The enterprise security architect will ensure business outcomes are achieved, risk is effectively managed, and technology effectively utilized in support of business strategy.

PRIMARY DUTIES AND RESPONSIBILITIES

The following statements describe the general nature of work performed by people assigned to this job, may not be performed by all individuals in this job, and are not a complete list of all job duties required.

The Enterprise Architect for Security has duties and responsibilities that are wide ranging as one of the most senior technical leadership roles within the organization. Duties and responsibilities range from the core architectural domain, to security engineering and GRC domain specializations, while also encompassing general domains for technology and leadership. Primary duties and responsibilities are broken down into categories or areas below:

Leadership

• High functioning role that collaborates and provides leadership across the entire spectrum of the organization: from business stakeholders to IT leaders and down to the team and individual level
• Successfully engages business and leadership partners in outcome and value focused conversations, effectively communicating, managing, and balancing organizational risk with business value
• Enjoys being a leader, advisor, mentor, and coach for others, while advancing the strategy, planning and development of the architecture, security, and GRC practice areas
• Acts as key strategy and technology aggregator and distributor, effectively and efficiently bridging and linking together different leaders, managers, and stakeholders to drive business outcomes
• Leads, persuades, and wins the trust and respect of others throughout the organization, acting as key trusted advisor and innovator that ensures successful business outcomes
• Thrives in an organizational environment that is undergoing transformations into Agile, DevOps, Cloud, Product and Portfolio management

Architecture

• Translates high-level business objectives into quality architectures and capabilities, aligning and optimizing security and technology strategy with business strategy, value, and outcomes
• Relishes the challenge of architecting, designing, and implementing enterprise capabilities for a hybrid multi-cloud production environment in a regulated financial industry
• Champions creating, maintaining, reviewing, and socializing technology roadmaps, strategies, conceptual architectures, designs, patterns, standards, frameworks, and policies
• Involves and enlists others, closely partnering and collaborating with other EA's using a Lean Architecture approach, representing the EA practice effectively across the organization, and operating independently and with initiative when needed
• Represents the EA practice effectively and comfortably, whether engaging in a familiar technical domain, a non-domain specialization, or broadly on the practice of architecture

Security Engineering and GRC

• Envisions how to ensure business value and business outcomes are achieved while aligning to information security principles, strategies, goals, and effectively mitigating risk
• Enthusiastically engages in a wholistic security practice, developing, implementing, and improving an enterprise security program and the associated strategy, architecture, policies, controls, standards, and change management
• Thinks multi-dimensionally about security engineering, GRC, technology, and architecture
• Engages other subject matter experts deeply while able to also explain complex and technical topics to those without a technical background
• Effectively and wholistically relates, connects, and integrates security engineering concerns, approaches, and practices with governance, regulatory, and compliance (GRC) concerns
• Accurately assesses if security requirements and controls for products, programs, and projects have been achieved, ensuring successful business outcomes and advising how to minimize risk
• Passionately builds security, compliance, and automation into capabilities via DevOps practices, such as IaaC, CI, CT, CD, secure coding, and code analysis
• Analyzes the intersections of strategy and design for data, application, infrastructure, and security architectures to facilitate security best practices and generate opportunities to enhance security and reduce risks
• Eagerly consumes, provides insights, and communicates new developments, threats, trends, and approaches for security engineering, technology, GRC, and architecture; brings thought leadership around recent trends, evolutions, innovations, and opportunities

Technology

• Leads, coordinates, and supports integration of new technologies, migration implementations, and major upgrades
• Stays current on knowledge for general technology fundamentals: Infrastructure, Applications, Data and Analytics, Operations, Cloud, etc.
• Explorer who identifies, proposes, leads and/or supports in technical proofs-of-concepts
• Occasionally assists in providing support or incident response across various platforms and technologies on an enterprise-wide level; if a significant event occurs, 24/7 availability or working off-hours may be required
• Responsible for additional responsibilities as assigned

QUALIFICATIONS

Education:

Bachelor's in Computer Science or Technology desired

Master's Degree in InfoSec desired

Relevant experience may be substituted for education

Required Knowledge:

Architecture Domain

• Enterprise level experience with the practice of architecture at an enterprise-wide scope that engaged and aligned business, technology, and security stakeholders to achieve business value
• Proven track record for producing documentation, artifacts, designs, diagrams, and presentations for technical and non-technical audiences
• Knowledgeable of and practical hands-on experience with architectural frameworks (Lean, LEAF/LEAD, etc.), standards, polices, processes, procedures, guidelines, models (CMMI, etc.), and methodologies
• Knowledgeable of and experience with architectural concepts, deliverables, and artifacts (Roadmaps, Conceptual Architectures, Solution Designs, Diagrams logical, topological, etc.)

Security Domain

• Knowledgeable of and practical hands-on experience with major security frameworks (NIST 800 Series, NIST CSF, etc.), minor frameworks, standards, polices, procedures, guidelines, models, and methodologies (CIS, OWASP, etc.)
• Knowledge and experience with multiple security engineering focused capabilities and/or practices (IDR, ZeroTrust, CASB, etc.)

Governance, Regulatory, and Compliance (GRC) Domain

• Experience with governance, regulatory, and compliance frameworks, standards, polices, regulations, procedures, and guidelines (SOX, PCI, CCPA, NYDFS, etc.)
• Experience with multiple GRC focused capabilities and/or practices such as regulatory compliance, internal and external audit, Privacy, PII, etc.
• Experience with guidelines, policies, procedures, control objectives, controls, maturity models and baselines

• Ability to effectively link higher level GRC practices (regulations, statutes, etc.) to security frameworks and practical concerns, such as control objectives, controls, baselines, etc.

Certifications:

Helpful, but not required, to have one or more of the following certifications: PCI ASV, CISSP, ISSAP, ISSEP, CRISC, GCED, GSNA, SSCP, GPEN, CEH or equivalent

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .