CISSP Jobs - Security Architect, 14343

at MFS Investment Management
Location Boston, Massachusetts
Date Posted September 18, 2019
Category Default
Job Type Full-time

Description

Basic Purpose

The Security Architect is a subject matter expert in Information Security and is responsible for the design, implementation, and effective and efficient maintenance of related technologies. Additionally, this individual has broad and expert knowledge of Information Technology at large, with a firm understanding of related disciplines and how they interoperate. The Security Architect is responsible for leading design, implementation, and troubleshooting efforts and is directly accountable for the results. The Security Architect’s deep and broad knowledge enables a holistic understanding of the technology environment.

Principal Responsibilities

  • Serves as key subject matter expert in the field of Information Security, maintaining a deep understanding of the field and its related technologies.
  • Proactively develops and maintains strong knowledge of MFS information systems and their related components, and makes recommendations to improve the reliability, scalability, performance, or security of these systems as appropriate. This includes proactive performance tuning and capacity analysis to ensure MFS is maximizing its technology investment.
  • Leverages technology to automate manual tasks, and seeks to improve efficiency wherever practicable and appropriate.
  • Provides technical support to ensure the ongoing efficient and reliable operations of related MFS information systems. Provides the technical service function for security operations. Responsible for addressing technical level security service requests received by clients. Receives documents, solves, and communicates service resolution according to management’s directives and applicable policies, procedures, and standards. Performs work within security service levels and strives to improve service levels and maintain excellent client relationships.
  • Assists management in determining Information Security strategy and direction for the company and for selected technologies. Advises IT management on information security issues, systems, processes, products, and services; defines requirements in support of budget plans and makes recommendations for ways to improve performance and reduce costs.
  • Develops, enforces and maintains MFS Information Security controls, procedures, and standards.
  • Responsible for understanding the internal and external technological tools/software used by the Information Security group to maintain compliance, assess threats and vulnerabilities, support remote and Internet access, and manage encryption. Takes a leadership role in the management of these technological tools by understanding their purpose, application, and overall maintenance and administration.
  • Leads security risk assessments to methodically analyze MFS information technology assets and processes, identifying risks from both a technical and business perspective, and recommending mitigation strategies to mitigate those risks to an acceptable level. Works closely with Information Technology and business units to ensure that security controls are properly implemented across the environment, both during design and after deployment. Prepares detailed and well-written documentation.
  • Conducts security investigations according to documented procedures and management’s directives. Maintains confidentiality in these matters and works to ensure the confidentiality of other information which is encountered during the discharge of security responsibilities.
  • Receives broad goals and overall objectives from Management and proactively establishes and implements the methods to attain them.
  • Maintain the security of a company's technology environment by planning comprehensive (complex) control design to mitigate threats while balanced with company's risk appetite and provide assurance it works
  • Create solutions that balance business requirements with information and cyber security requirements
  • Assess, establish and monitor countermeasures that protect, detect and/or deter when an unauthorized attempt occurs
  • Serves as mentor to other technical team members, and presents technology briefings to IT and business line management as required.
  • Researches and implements industry best practices.

Job Requirements

  • Bachelor’s degree or equivalent experience in a related technical field. Master’s degree or equivalent preferred.
  • Ten or more (10+) years of related Information Technology with a minimum of six (6+) years of Information Security-specific experience.
  • CISSP preferred. Additional possible certifications: CISM, CISA, ISSAP, ISSEP
  • Considered subject matter expert in the area.
  • Strong knowledge of multiple technologies, platforms, and programming languages.
  • Solid understanding of Systems Development Life Cycle models.
  • Exceptional communication skills with diverse audiences, including facilitation, negotiation and presentation skills
  • Strong critical thinking, analytical skills and attention to detail
  • Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments, and provide technical guidance to a security team
  • Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
  • Intimate knowledge of current and trends with security solutions to be able to integrate with controls and safeguards
  • Familiar with emerging technology and the effect on designing security controls, such as Blockchain, Artificial Intelligence, Machine Language, Robotics, Mobile, Cloud (public, private and hybrid for Infrastructure as a Service (IAAS, Amazon Web Services (AWS) or Microsoft Azure), Platform as a Service (PAAS), Software as a Service (SAAS)
  • Understanding of network protocols and ability to develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
  • Understand programming language and technologies to write code, complete programming and performs testing and debugging of applications
  • Java/J2EE, C#, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle.
Drop files here browse files ...