Information Security Architect (Remote - NC, NJ, VA, AZ)

Overview

This is a remote role that may be hired only in NC, AZ, NJ, VA.

**Remote with ability to travel to Raleigh, North Carolina, Phoenix, Arizona or Morristown, New Jersey, on an as needed basis.

This position is responsible for delivering architecture intent to enterprise stakeholders and the Information Security organization at-large, that ensures the secure realization of business initiatives in a manner consistent with the Bank's current and future risk appetite.

Responsibilities

• Security Strategy: assists in designing and implementing security strategies for assigned subject matter domain (e.g., Identity and Access Management, Compute) and Information Security, at-large based on knowledge of the assigned-domain; bank policies and standards; current, and anticipated, regulatory requirements; and expected threats and associated risks.

• Security Architecture: review existing and proposed architectures, identify security gaps - through threat modeling and/or technical risk assessment, and recommend changes and/or enhancements. Continuously enhance process(es) to drive scale, consistency, repeatability, to this end.

• Solutions Architecture: as required, function as a solutions architect for security solutions; provide the initial solutions architecture, assist with foundational integrations, and lead the initial implementation of solutions

• Business Support: serve as an Information Security subject matter expert, providing advisory and consulting services to stakeholders, as required. To this end, effectively communicate to technical and nontechnical audiences alike in both oral and written form.

• Continuous Education: maintains a strong knowledge of developments in information technology, developments in security technology, and emerging security threats. Utilizes knowledge to influence security strategy - e.g., identity technology capabilities needed to address threats; establish secure design patterns for emergent technologies

• 4+ years of providing architecture and/or security architecture subject matter expertise in a large-scale enterprise environment

• Demonstrable experience with threat modelling (e.g., PASTA, STRIDE, DREAD) and technical risk assessment in an enterprise environment

• Familiarity with one of more Industry-standard security framework - e.g., NIST RMF, NIST CSF, COBIT, ISO, CIS, CSA CCM

• Familiarity with one of more Industry-standard architectural framework - e.g., TOGAF, DODAF, Zachman

• Familiarity with one of more cyber-attack taxonomy (e.g., CAPEC, ATT&CK)

• Advanced Security Certifications, such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are highly desirable.

• Experience with scripting and/or programming

• Effective communicator, capable of effectively translating and presenting complex technical concepts to both technical and non-technical management and customers, through oral presentations and written media (white papers and demonstrations)

• Exceptional interpersonal skills and a collaborative spirit that enables you to work effectively with stakeholders at all levels, agnostic of background

• Strategic planning and execution, with a talent for turning complex challenges into actionable solutions.

• Strong analytical skills with high attention to detail and accuracy with the ability to use data-driven metrics to communicate change and risk reduction.

• Large Financial Institution (LFI) experience