Description

Job Description:


The Solutions Security Architect serves as a vital member of the Security Architecture Team, Information Security Office. This position will be part of a team that assists the Office of Information Technology and supported State of Maine (SOM) agencies with meeting the requirements set forth by the Information Security Office. This position provides a broad range of services in strategy and consulting, interactive,
technology and operations, with digital capabilities across all these services. The Solutions Security Architect is responsible for leading the development of information security architecture with focus on application security and ensuring technology initiatives are implemented within the guidelines of industry frameworks including NIST800-53(r5) in order to maintain and improve our environments security posture. They will be accountable for strategic planning, architecture, and securing enterprise information by identifying network and application security requirements, implementing and testing security controls and procedures.
The primary areas of focus for the Solutions Security Architect is to advise the Chief Information Security Officer in developing risk management strategies and multi-year implementation and remediation programs based on business priorities and risks to address cyber Security, cyber Defense and the needs of the enterprise.
To meet these requirements the successful candidate must be knowledgeable about how security architecture fits into the broader security program and understands the security concepts outlined by the National Institute of Standards and Technology (NIST). The successful candidate will adapt and leverage both MaineIT policy and system security technology stack to reduce new or existing risk and assist the team as we work to bolster our security posture.


Key Responsibilities:


 Define information security strategies, including guiding principles and future state vision, ensuring that the strategic objectives are aligned with business goals.
 Develop and implement security policies and standards in alignment with industry best practices, state and federal regulations, and emerging security technologies.
 Collaborate with internal and external stakeholders, including IT teams, vendors, and State agencies, to ensure that security measures are integrated into all technology solutions.
 Provide technical guidance and expertise to IT teams and other stakeholders on security-related issues primarily in the application space.
 Work closely with customer stakeholders to identify and mitigate risks, perform security reviews, design top tier security practices, and deliver strategic, innovative cloud-based security offerings.
 Stay up to date on the latest security threats, trends, and technologies, and recommend solutions to mitigate risks.
 Engage in a variety of solutioning sessions which include key subject matter experts, these sessions are designed to quickly produce secure and viable solutions to critical business use-cases. Knowledge, Skills, and Abilities Required:
 Expertise in conducting product research to make informed information security assessments.
 Expertise in application security
 Expertise in the assessment of System Security Plans and Third-Party Audit documents such as SOC2 reports to develop information security position reports.
 Expertise in identifying risk as it relates to MaineIT policy, the state of its environment and Defense in Depth.
 Ability to coordinate with other subject matter experts to develop a concise position on IT products and services from an information security perspective.
 Ability to develop reports pertaining to vendor provided IT products and services.
 Ability to document procedures and diagrams related to security architecture.
 Ability to conduct research, analyze, and communicate the security and regulatory impact of risk to executive level management in a concise manner.
 Familiarity with Cloud and Network Security concepts and tools.
 Familiarity with information security system standards and certifications such as ISO-27000 family and FedRAMP.
 Familiarity in risk assessment processes for information technology systems as outlined in NIST Publications.
 Familiarity with information security controls outlined in NIST Special Publication 800-53.
 Familiarity with security compliance to federal audit agency requirements for different data types (e.g., Federal Tax Information, Criminal Justice Information, Social Security Information, Affordable Care Act Information).
 A high level of attention to detail reviewing complex documents related to information security.
Minimum Qualifications:
 Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
 Minimum of 5 years of experience in information security, with at least 3 years in a security architecture or related role.
 In-depth knowledge of security principles and practices, including application security, risk assessment and management, security architecture, compliance, and security testing.
 Experience with security technologies, including firewalls, intrusion detection and prevention systems, vulnerability scanners, and endpoint security solutions.
 Knowledge of industry standards and regulations, such as NIST, CIS, HIPAA, and FISMA.
 Strong analytical and problem-solving skills, with the ability to think creatively and strategically to develop effective security solutions.
 Excellent communication and interpersonal skills, with the ability to work collaboratively with internal and external stakeholders.
 Professional security certifications, such as CISSP, CISM, or CISA, are highly desirable. If you have a passion for security and are looking for an opportunity to make a difference in a dynamic and fast-paced environment, please submit your application to join the State of Maine's team as a Security Architect

Education

Any Gradute