Description

Enterprise Information Security Architect

Remote Job |   2022-05-25 10:49:26

Job Code : LOBLOLLY13

Enterprise Information Security Architect
Houston, TX (Remote)
12+ month Contract

Under minimal direction, the Enterprise Information Security Architect will help to ensure cybersecurity risks and threats are proactively identified and addressed to maintain the protection of information systems, critical assets, and network security infrastructure.

Job Duties and Responsibilities:
•    Plans, researches, and designs a robust cybersecurity architecture for Infrastructure projects
•    Aligns security strategy with overall business and technology strategy
•    Develops solutions that align cybersecurity requirements with business requirements
•    Demonstrates in-depth knowledge and understanding of the global threat landscape, cybersecurity trends, emerging technologies and an ability to relate them to the county and its objectives
•    Weighs business needs against security concerns and articulates issues to management and stakeholders
•    Regularly communicates vital information, security needs, and priorities to senior management
•    Leads the evaluation, design, and implementation of new security solutions and technologies
•    Provides guidance on the design and implementation of secure solutions for new and existing systems in response to ongoing changes in the Harris County enterprise, peer organizations, and the security landscape.
•    Builds security infrastructure from the ground up or updates existing systems in response to ongoing changes in the Harris County enterprise, peer organizations, and the security landscape
•    Identifies security design gaps in existing and proposed architectures and recommends changes or enhancements
•    Works on multiple projects as a subject matter expert, including projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments
•    Conducts threat intelligence, communicates current and emerging security threats, and designs security controls to mitigate threats as they emerge.
•    Conducts or supervises multiple enterprise-wide vulnerability testing and security assessments.
•    Reviews firewall rules and network diagrams, and recommends approval or disapproval of installation of firewalls, VPNs, routers, IPS/IDS scanning technologies, and servers.
•    Effectively communicates security vulnerabilities and risks to issue owners and assists in remediation efforts.
•    Develops procedures, educational/training materials, strategy/technology roadmaps, Requests for Proposal/Offer (RFPs/RFOs), metrics/measures packages, reports, project plans, communications, and executive presentations with little guidance, as needed to support the overall delivery of cybersecurity objectives.
•    Designs and implements processes and tools to proactively monitor and govern the effectiveness of Cybersecurity controls and services.
•    Reviews and applies security controls to Microsoft Azure, cloud-based applications, systems, and technologies.
•    Provides guidance in the implementation and execution of a Security Operations Center (SOC) / Security Incident & Event Management (SIEM) platform
•    Develops, manages, and coordinates security risk assessments for third-party vendors and Harris County internally developed applications/systems to protect data/systems and support governance efforts.
•    Supports communication and presentation of Cybersecurity policies, standards, and procedures to stakeholders and articulates information/data governance solution requirements.
•    Participates in the Cybersecurity Incident Response Team (CIRT) investigation and response activities as required
•    Performs other duties as assigned.

Requirements:
•    Associate degree or currently pursuing a degree from an accredited college or university in Information Security, Information Technology, Computer Science, or related field
•    Seven (7) years of progressive work experience in Information Security, Information Technology, Computer Science, or related field
•    Direct experience designing, implementing and executing cybersecurity solutions, processes, tools, and technologies across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services
•    Experience designing, implementing, and executing network, vulnerability, threat, or incident management processes
•    Experience validating, analyzing, and prioritizing reported vulnerability and security risks
•    Experience in security event analysis, monitoring and response technologies, and processes

OR

•    Bachelor's degree from an accredited college or university in Information Security, Information Technology, Computer Science, or related field
•    Five (5) years of progressive work experience in Information Security, Information Technology, Computer Science, or related field. Direct experience designing, implementing and executing cybersecurity solutions, processes, tools, and technologies across complex, large-scale environments, all the way from project initiation to the desired end state of operationally healthy and sustainable services
•    Experience designing, implementing, and executing network, vulnerability, threat, or incident management processes
•    Experience validating, analyzing, and prioritizing reported vulnerability and security risks
•    Experience in security event analysis, monitoring and response technologies, and processes

Knowledge, Skill & Abilities (KSAs):
•    A broad understanding of cybersecurity concepts across all domains, applicable security frameworks (e.g. NIST and CIS Critical Security Controls) and regulations (e.g. PCI, HIPAA and CJIS)
•    Ability to confront challenges in a constructive fashion and influence others through consensus building techniques
•    Ability to consult with business and technology partners on general security requirements and best practices

Preferences:
Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), CompTIA Security+ Certification or related certification

Knowledge, Skill & Abilities (KSAs):
•    Hands-on experience operating vulnerability scanning, incident detection & response (IDR) or penetration testing tools
•    Strong knowledge of and experience with Microsoft Azure, cloud-based applications, systems and technologies
•    Experience with Security Operations Center (SOC) SIEM operations.
•    Experience in threat intelligence gathering, research, and analysis
•    Experience participating in Cybersecurity Incident Response Team (CIRT) activities
•    Exceptional leadership, verbal and written communication, and project management skills
•    Strong technical writing, research, analysis and analytical/problem-solving skills
•    A passion for cybersecurity, self-starter mentality, flexibility and willingness to take on new challenges and the ability to thrive in a team environment

Education

Any Graduate