The Information Security Architect will actively promote a culture of information security throughout the enterprise. The scope of this position spans the organization's technology solutions including software applications, infrastructure, and data integration solutions. The Information Security Architect will develop a thorough understanding of all IT systems and how those systems are secured. The Information Security Architect will be responsible for advising the Application and Infrastructure functions on emerging vulnerabilities and newly introduced risks to enterprise systems.
location: Malvern, Pennsylvania
job type: Contract
work hours: 9 to 5
- Develop, implement and monitor a strategic information security program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Collaboration and communication across The Institutes to ensure appropriate security processes, procedures and tools are installed, monitored, and effectively operating and alerting.
- Verifies security systems by developing and implementing test scripts.
- Determines security requirements by evaluating business strategies and requirements, researching information security standards, conducting system vulnerability analyses and risk assessments, studying architectural platform, identifying integration issues, and preparing estimates.
- Maintains security by monitoring and ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs.
- Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements.
- Prepares system security reports by collecting, analyzing, and summarizing data and trends.
- Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Develop and maintain a Secure Software Development Lifecycle (SSDLC) for the Applications function, with necessary and training and certification for developers
- Develop and maintain a software source code and application verification program for any assets developed by The Institutes
- Serve as the escalation point for technical issues related to information security platforms.
- Take the lead role in responding to and containing information security related incidents.
- Conduct regular technical risk assessments/audits of both internal, and relevant external systems and infrastructure.
- Assist in the development and knowledge transfer to IT team members, as well as other enterprise groups.
- Bachelor's or Master's Degree in Information Technology, Computer Science, Engineering or related field.
- CISA, CISM, CISSP or similar certification preferred.
- Solid understanding of security protocols, cryptography, authentication, authorization and security
- Good working knowledge of current IT risks and experience implementing security solutions
- Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
- Ability to interact with a broad cross-section of personnel to explain and enforce security measures
- Experience with incident response and analysis.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.