Address
Form of workJob Description
Enterprise Security Architect
Indianapolis, IN (onsite expectation)
Full time/ Direct Hire
~$130k annual salary
Industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Security Essentials (GSEC), Certified Information Security Manager (CISM), etc., strongly desired.
Key Responsibilities
- Helps to set strategic direction for information security initiatives, processes, and standards
- Establishes enterprise architecture standards, processes and procedures based on industry standards
- Researches, evaluates, and drives next-generation security technologies and concepts to keep supported Enterprise Security Architecture ahead of the curve
- Builds relationships and collaborates with other Enterprise Architects and functional areas across ISA to ensure all visions are aligned and in compliance with the ISA enterprise information security program
- Conduct and attend project meetings to provide security and governance input throughout project lifecycles
- Influence decision-makers in the areas of secure network design, access/authentication controls, IaaS (Infrastructure As A Service) and others
- Coordinate the creation and annual review for unit-level disaster recovery (DR) and business continuity plans (BCP); Provides advice in consultation with Infrastructure team for IT solutioning for business continuity
- Creates, refines, delivers, and evangelizes information security standards to be used throughout the enterprise that balance business needs and external requirements
- Ensure through creation or delegation that all security-related documentation is complete, current, and stored appropriately
- Analyzes enterprise-wide development needs and management of an architecture governance process
- Autonomously prepare reports and audit findings remediation plans in response to Internal audits, penetration tests or vulnerability scans
- Reports to executive team the effectiveness of data security as implemented by internal and external business partners and makes recommendations for the adoption of new procedures or controls.
- Participates in security event investigations producing Incident Response Documentation and ensure corrective actions are implemented
- Creates end-to-end security solutions involving a mix of technical and organizational requirements
- Monitors changes in the legislative, regulatory, and contractual landscape to ensure that the information security program is always at least one step ahead
- Must maintain confidentiality at all times
- This list of duties and responsibilities is not intended to be all-inclusive and may be expanded to include other duties or responsibilities that management may deem necessary from time to time
Minimum Job Requirements and Qualifications
- Bachelor’s Degree in Information Technology, Computer Science, Informatics, Computer Programming, Information Assurance and Compliance, or a related field with ten (10+) years of IT-related work experience in large, complex technical environments.
- Demonstrable experience designing or managing an Enterprise IT security and compliance program.
- Strong understanding of security tenets, such as encryption/key management, network design, access control and incident containment.
- Knowledge of the intricacies related to National Institute of Standards and Technology (NIST) best practices, the SANS Institute’s ten security domains, Payment Card Industry Data Security Standard (PCI DSS) and state privacy laws.
- Ability to maintain strict confidentiality.
- Excellent written and verbal communication skills, including the ability to interact with team members at all levels within City and County Government from the end user to senior leadership.
- Ability to think analytically and creatively.
- Ability to look at all situations objectively.
- Ability to work independently with minimum direction in a fast-paced environment as well as collaborate effectively while maintaining an "options before obstacles" mindset.
Preferred Job Requirements and Qualifications
Experience in other parts of IT as an administrator or engineer in a non-security role. Experience with hosted and cloud services, especially Software-as-a-Service (SaaS) and Platform-As-A-Service (PaaS), and the related security implications and control approaches with an emphasis on hyper-converged systems. Thorough understanding of risk management principles and processes. Industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Security Essentials (GSEC), Certified Information Security Manager (CISM), etc. Demonstrable experience in policy and standard creation and acceptance.
Requirements:
