ZipRecruiter
posted 19 days ago
Full-time - Senior
About the position
The Lead Information Security Architect is responsible for developing and maintaining a comprehensive information security architecture program that encompasses various technical disciplines. This role oversees cybersecurity for the company's digital products and implements a product security program to address cybersecurity throughout the product life cycle. The architect will identify and mitigate technical and operational threats while ensuring compliance with regulatory guidelines and industry best practices.
Responsibilities
- Develop an architectural vision to support the continued growth of the product suite.
- Implement a product security program addressing cybersecurity across all stages of the product life cycle.
- Identify and oversee the mitigation of technical and operational threats.
- Analyze the security, supportability, and feasibility of new technology.
- Ensure conformance with regulatory guidelines and industry best practices.
- Provide security expertise and direction on projects related to cloud architecture and design.
- Work with governance teams to establish automated processes and best practices for AWS, Azure IAM policies, roles, federation, etc.
- Conduct automated or manual security validation of cloud templates and/or cloud infrastructure.
- Collaborate with business units and corporate partners to ensure solutions align with organizational policies and information security standards.
- Develop, establish, enforce, and sustain the Information Security Architecture, including standards and guidelines for infrastructure solutions and technologies.
- Partner with stakeholders to assess IT application & infrastructure portfolios and design future state strategies.
- Make recommendations on the strategic use of technology for leveraging business results.
- Minimize architectural components and total cost of ownership while maintaining functional flexibility, reliability, and security.
- Facilitate and steward the documenting of the architecture design and analysis work.
Requirements
- 8+ years' experience dedicated to information security architecture required.
- Expert knowledge in building defense in-depth reference architecture.
- Required industry security certification (e.g., CISSP, CISM, CISA, CCSP, etc.).
- Familiarity with information management practices, system development life cycle management, IT services management, agile and lean methodologies.
- Knowledge of business ecosystems, SaaS, IaaS, PaaS, SOA, APIs, open data, microservices, event-driven IT, and predictive analytics.
- Hands-on experience with Cloud Technologies AWS, Azure & GCP.
- Good understanding of security management solutions, including IDS, IPS, SIEM, Vulnerability Scanning, Denial of Service, and Continued Compliance.
- Experience with attacks and mitigation methods in network protocols, operating system internals, web application security, security assessments, authentication, applied cryptography, and incident response.
- Extensive experience in developing strategic information security plans.
Nice-to-haves
- Experience in managing and contributing to incident response.
- Excellent analytical skills, organizational, time management, and problem-solving skills.
