Description
*We are unable to sponsor for this 6+ Month Contract role*
Prestigious Security Firm is currently seeking an Information Security Risk Controls Architect. Candidate will support the Security Architecture team responsible for architecture of the security controls environment in the cloud and on-premise and ensuring that security requirements are met in systems design and implementation. This individual will work with the Security Architecture team to problem solve, define requirements and scope for application security, Control implementation, control validation and adversarial testing. The position will include extensive interaction with IT, Security Engineering, Security Assurance, EPMO, Windows services, and end-users for the duration of the engagement.
Responsibilities:
Conduct architectural Security control validation testing processes
Define security requirements aligned with current threat intelligence and industry standards such as the NIST CSF, CSA, FFIEC, OWASP
Review current system security measures and recommending and implementing enhancements.
Conduct market surveys of security tooling to identify potential replacements or upgrades to enhance security and resilience
Partnering with IT department to design and implement effective Embedded security capabilities
Drive the maturation and automation of Security information dissemination and oversight processes
Support Security Assurance in assessing the effectiveness of planned remediations for identified security defects
Produce reporting and documentation artifacts for leadership and staff relating to security related activities
Ensure alignment of security controls and supporting services and related policies and procedures with applicable regulations and industry standard best practices
Assists Security Analysts, transferring technical and risk management knowledge
Assist in project planning, program development, and process formalization.
Perform other duties as assigned
As directed, draft Confluence documentation
Complete knowledge transfer to staff, as needed.
Qualifications:
Bachelor degree in Computer Science, Management Information Systems, Statistics & Quantitative Modeling, Mathematics a plus or the equivalent combination of education and/or relevant experience.
10 years hands-on Information Security architecture or engineering
Experience with design and specification of security control technologies such as IAM, Network Access Controls, PKI, Firewalls, IPS
Experience with AWS and cloud-native tools desired; training provided as needed.
Advanced understanding of information related frameworks and standards such as COBIT, NIST 800-53, NIST CSF, ISO etc.
Experience in security risk management principles and practices.
Experience in working with regulatory frameworks and requirements relevant to OCC such as, Reg SCI, CFTC 99.18, etc.
Professional security certifications a plus (ie, AWS, CSA, GIAC, CISSP, CISA, CISM, CRISC)