Senior Cloud Security Architect

The Information Security Architect - Cloud Security is responsible for developing and maintaining robust Security Architectures and strategies for safeguarding the organization's cloud-based infrastructure, applications, and data. This role requires a deep understanding of Cloud Security technologies, compliance standards, and best practices to ensure the confidentiality, integrity, and availability of sensitive information. The Information Security Architect will collaborate with cross-functional teams to design, implement, and manage security solutions in cloud environments.

Essential Functions 
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  

Cloud Security Strategy:

• Develop and implement a comprehensive Cloud Security strategy aligned with the organization's business objectives.
• Stay current with emerging Cloud Security threats, vulnerabilities, and trends to proactively address potential risks.
• Actively participate within the ACA Software Committee where software solutions are evaluated for the enterprise 

Cloud Security Architecture:

• Design and document secure cloud architectures, taking into account multi-cloud and hybrid cloud environments.
• Create and maintain security reference architectures, patterns, and guidelines for cloud deployments.
• Understand and participate in the configuration of CloudFormation strategies

Identity and Access Management (IAM):

• Implement robust IAM solutions for cloud services to manage user access, roles, and permissions effectively.
• Enforce strong authentication and authorization mechanisms 

Data Protection:

• Develop strategies for data encryption, tokenization, and masking in the cloud.
• Ensure data leakage prevention (DLP) measures are in place to protect sensitive information. 

Network Security:

• Design and maintain secure network configurations in the cloud, including firewall rules, Virtual Private Cloud (VPC), and network segmentation.
• Implement network monitoring and intrusion detection systems.

Compliance and Governance:

• Ensure cloud environments comply with industry standards and regulations (e.g., HIPAA, PCI DSS, NYDFS, NIST).
• Establish and maintain compliance monitoring and reporting mechanisms.
• Maintain an active role within the ACA Architecture Guild

Security Operations:

• Collaborate with the security operations center (SOC) to define incident response procedures and threat hunting strategies specific to cloud environments.
• Assist with continuous improvement of ACA SOC operations where security logs and events are monitored and analyze to detect and respond to security incidents promptly.
• Ensure appropriate level of alerting is configured across all cloud environments

Security Testing and Assessment:

• Support regular security assessments, vulnerability scanning, and penetration testing of cloud assets.
• Advise upon identified vulnerabilities and assist with translating risk ratings to ACA risk rating.

Security Awareness and Training:

• Develop and deliver Cloud Security training programs for employees and other stakeholders.
• Promote a culture of security awareness and compliance within the organization.

Vendor and Third-Party Risk Management:

• Access security risks associated with cloud service providers and third-party integrations.
  
• Review and recommend security terms within cloud solution contracts (includes SaaS, IaaP solutions)

Strategy Planning:

• Evaluate documented resolutions and analyze trends for ways to prevent future problems
• Research and recommend innovative, and where possible, automated approaches for system administration tasks.
• Identify approaches to solutions that leverage our resources and provide economies of scale
• Keep current with the latest cloud technologies and mentor staff regarding cloud strategies and solutions 

Personal Attributes:

• Ability to conduct research into a wide range of computing issues as required 
• Ability to absorb and retain information quickly 
• Ability to present ideas in user-friendly language 
• Highly self-motivated and directed 
• Keen attention to detail 
• Ability to effectively prioritize and execute tasks in a high-pressure environment  
• Exceptional customer service orientation 
• Experience working in a team-oriented, collaborative environment 
• Have a strong desire to learn continually and grow professionally 
  

Qualifications 

• College diploma or university degree in the field of computer science or management information systems.
• A minimum of 7 years IT experience; at least three of those years focused on IT security, infrastructure, cloud or application-level vulnerability testing and remediation
• Strong understanding of enterprise, network, system, distributed application and application-level security issues. 
• Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) 
• Understanding of the system hardening processes, tools, guidelines and benchmarks (including Mitre Att&ck framework). 
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security 
• Basic knowledge of Linux, Windows, OSX systems 
• Coding and/or scripting experience required (infrastructure as code is the cloud requirement)
• Working knowledge of a range of diagnostic utilities 
• Exceptional written and oral communication skills 
• Exceptional interpersonal skills, with a focus on rapport-building, listening, and questioning skills 
• Strong documentation skills 
• CISSP Certification preferred 
• Cloud Architect Certification preferred
• Cloud Security Certificate required
• AWS Certified Security Specialist Certification and verified experience within the role is a requirement for the senior position within the organization 

Supervisory Responsibility 
This position has no supervisory responsibilities.

Work Environment and Physical Demands 
This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. 

Position Type/Expected Hours of Work 
This is a full-time position. Days of work are Monday through Friday. The daily schedule may vary from 8 am to 5 pm or 9 am to 6 pm. Hours may vary or exceed 40 in any given week depending on the needs of the business. 

Travel 
Up to 10% travel is expected for this position. 

EEO Statement

ACA provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws.  ACA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

#LI-BP1