Security Architect

Role : Security Architect

Location : Boston, MA 02108

Type : Long term Contract

Position Summary

The primary responsibility is to implement business and technical controls that meet specific security requirements and to define processes and standards that maintain approved security configurations in the new Financial Solution.

This role ensures confidentiality, integrity, availability, risk management, and compliance of the business solution.

This includes :

• Design and recommend protocols and procedures for monitoring the product vendor’s performance against Service Level Agreement standards regarding data security, annual security audits, and disaster recovery testing.
• Define security policies, processes and standards related to end- user roles, data access for application users, and how users will be provisioned and de-provisioned.
• Provide input on selection, deployment, and oversight of security technologies. The Security Architect will participate in recommending strategies for :
• Monitoring compliance with vendor and IT security policies and applicable laws.
• Defining procedures for investigating and reporting security incidents.
• Contribute in developing, testing, and documenting security procedures, including disaster recovery, business continuity, backups, and incident response.
• Monitoring and assessing business continuity and disaster recovery programs, network penetration, and other tests to assess application vulnerability;
• Working with the BEST Compliance Lead, participate in risk and compliance assessment reviews of the new Financial solution and supporting services and infrastructure.

Required Skills

• In-depth exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to BEST.
• In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
• Documented experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x and the ITIL, SOX, COBIT and National Institute of Standards and Technology (NIST) frameworks.
• Experience in architecting and implementing cloud-based security solutions.
• Strong knowledge of security tools and capabilities, such as : IDM and SSO.
• Extensive experience in integrating security tools and 3rd party vendor solutions.
• Exceptional planning, organization, communication, prioritization, and business analysis skills.
• In-depth knowledge of risk assessment methods and technologies.
• Proficiency in performing risk, business impact, control, and vulnerability assessments.
• Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, privilege access management (PAM), data loss prevention (DLP), encryption at-rest and in-transit, multi-factor authentication (MFA), end-point-security, vulnerability scanning and patch management, automated policy compliance tools, and desktop security tools.
• Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
• Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Documented written and verbal communication skills.

Preferred Skills

Experience with Software as a Service cloud implementations particularly those in which legacy on premise applications have been migrated to cloud delivery options.

Security solution design and development leveraging multiple security teams with disparate roles and responsibilities using a cloud SaaS solution.

Experience in migrating security solutions from legacy on-premises environment into a cloud solution within a highly regulated environment.

Experience in performing / supporting security audits and compliance validation. Documented ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives.

Minimum Entrance Requirements

• Bachelor's degree in computer science, system analysis or a related study, or equivalent experience.
• Minimum of five years of design and implementation experience in IT, with a deep knowledge in a minimum of two of the following technical disciplines : infrastructure and network design, application development, application programming interfaces (APIs), middleware, servers and storage, database management, data security, and system administration and operations
• Experience in generation of Security materials, including but not limited to compliance adherence, security operational procedures, security implementation plans, and network and security diagrams.
• Minimum of three years of security architecting design and implementation with security certifications, such as : SIA Security +
30+ days ago