Date Posted: January 6, 2022
Please see the Job Description Below:
Under the general guidance of the Chief Information Security Officer (CISO), the Information Security Architect provides IT system security designs and solutions and creates the information security foundation for service solutions, processes, and innovative ideas. This role will deliver information security expertise over a wide range of IT and business solutions that will be delivered through direct participation on project teams and consultative services across business and IT groups. This role will also plan, design, and manage enterprise information security initiatives in support of the core security functions of the Information Security group. Develops and maintains information security policies, standards, and processes, and applies in-depth knowledge of functional aspects of information systems security and compliance.
ESSENTIAL DUTIES AND RESPONSIBILITIES
· The Security Architect will provide expert guidance and security oversight for projects and technical architecture. Manages and/or participates in projects to ensure security requirements are evaluated and met. Provides input as a member of project teams to ensure that adequate security controls and features are implemented into information systems and to certify that new systems meet security standards and comply with SMBC policy. (25% of time)
· Works with CISO to define security standards, procedures, operational activities, and technical architecture. Manages the development and implementation of Information Security policies and standard procedures to ensure the ongoing practice of security as a process within SMBC. Involved in the governance of outsourced security services. Participates as a member of IT Computer Incident Response Teams (CIRT) in the event of an emergency security or non-security breach. (25% of time)
· Key participant in formulating SMBC’s IT security strategies. Determines technology and process requirements to implement security strategies. Assesses SMBC’s IT environment against industry best practices and benchmarks to determine the weaknesses and vulnerabilities of the information security infrastructure, implementing security measures to decrease exposure to attack and/or penetration. (20% of time)
· Works with other departments to assist in engineering and/or provide technical integration of security solutions and monitoring systems. (15% of time)
· Maintains up-to-date knowledge and awareness of industry trends related to Information Security and assesses their impact on SMBC’s business operations. Understands public policy and regulatory trends related to privacy and security. (15% of time)
· Performs other duties as required.
Education and/or Experience
· A minimum of eight (8) years of progressively increasing responsibility and achievement in the Information Security discipline with experience leading security architecture design initiatives and driving strategy.
· A Bachelor’s Degree in a related technical or business discipline is required. Specific experience in the health care industry is desirable.
· Working knowledge and hands-on experience with a variety of information security tools and technologies commonly used in Security Operations Center and enterprise detection/protection.
· Competent in creating architecture diagrams, technical writing, and documentation.
· Knowledge and working experience with disaster recovery, vulnerability assessment, penetration testing, incident response, industry security standards and practices, web application security, security audit/review processes and applying corporate and federally mandated policies.
· Demonstrated ability to be a respected information security advisor to senior IT management as well as to IT operations, operating groups, technical staff, and project management, and the skills to interface across several channels to proactively assist in defining solutions, direction, specifications, and architectural principles.
· In-depth, up-to-date, and broad knowledge of the IT Security field is required, including all major communications and computing technologies and trends, including significant domestic and international exposure.
· Knowledge and experience in IT risk and compliance management programs related to IT Audit, 3rd Party Risk Management, and Security and Privacy Regulations.
· Knowledge and experience with information security standards such as NIST, ISO, COBIT, and associated security controls.
· Knowledge and experience with ITIL and IT Service Management.
Certificates, Licenses, Registrations or Professional Designations
· An industry recognized certification (e.g., CISSP, GIAC, CISA, CISM) is required.
SKILLS, KNOWLEDGE AND ABILITIES
· Excellent interpersonal, oral/presentation and written communications skills in both technical and non-technical language.
· Conceptual and analytical thinker, able to understand, analyze and synthesize complex business and technology issues and strategies.
· Team builder/player and able to work effectively with others with a demonstrated cultural awareness for interactions in multicultural, multi-national, and multi-vendor settings.
· Broad information technology and project management background.
· Strong judgment and decision-making skills; self-motivated, with the ability to work independently and in teams with minimal direction, but willing to seek advice/assistance.
· Flexible and adaptable process-oriented work style; strong demonstrated work ethic; personal time management skills.
· Demonstrated work ethic that emphasizes customer focus, quality, and continuous improvement.