Enterprise Security Architect
Position
Summary:
The Enterprise Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices.
The Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
Position Responsibilities may include, but not limited to:
Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers Develop security strategy plans and roadmaps based on sound enterprise architecture practices Develop and maintain security architecture artifacts (e.
g.
, models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts Participate in application and infrastructure projects to provide security-planning advice Determine baseline security configuration standards for operating systems (e.
g.
, OS hardening), network segmentation, identity and access management (IAM), and endpoint protection Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.
g.
, PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.
g.
, encryption and tokenization) Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
Software as a service (SaaS) providers Platform as a service (PaaS) providers Cloud/infrastructure as a service (IaaS) providers Managed service providers (MSPs) Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place.
Assess the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required user controls and report any findings to the CISO and vendor management teams Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics Coordinate with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs Other projects or duties as assigned.
Recommended Skills Architecture Assessments Auditing Business Continuity Planning Cryptography Enterprise Architectures Estimated Salary: $20 to $28 per hour based on qualifications.
Summary:
The Enterprise Security Architect plays an integral role in defining and assessing the organization's security strategy, architecture and practices.
The Enterprise Security Architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.
Position Responsibilities may include, but not limited to:
Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers Develop security strategy plans and roadmaps based on sound enterprise architecture practices Develop and maintain security architecture artifacts (e.
g.
, models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts Participate in application and infrastructure projects to provide security-planning advice Determine baseline security configuration standards for operating systems (e.
g.
, OS hardening), network segmentation, identity and access management (IAM), and endpoint protection Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application Coordinate with the privacy officer or office to document data flows of sensitive information in the organization (e.
g.
, PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.
g.
, encryption and tokenization) Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable Liaise with the vendor management (VM) team to conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data:
Software as a service (SaaS) providers Platform as a service (PaaS) providers Cloud/infrastructure as a service (IaaS) providers Managed service providers (MSPs) Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place.
Assess the providers' SSAE 16 SOC 1 and SOC 2 audit reports (or alternative sources) for security-related deficiencies and required user controls and report any findings to the CISO and vendor management teams Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics Coordinate with operational and facility management teams to assess the security of operational technology (OT) and Internet of Things (IoT) systems Liaise with the business continuity management (BCM) team to validate security practices for BCM testing and operations when a failover occurs Other projects or duties as assigned.
Recommended Skills Architecture Assessments Auditing Business Continuity Planning Cryptography Enterprise Architectures Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
