An Information Security Architect ensures that security is built-in and integrated into the cloud-based products and services to protect the University’s information assets, including customer information. An individual leads the development of standards and reference architectures to produce coherent technology strategies and architectures that are aligned with the Enterprise Architecture group. An Information Security Architect collaborates with colleagues in Information Technology to enhance the University’s ability to protect the confidentiality, availability and integrity of the University's and our customers' information. Responsibilities
1. Work closely with customers, software developers, enterprise architects, information security, ethics, compliance and data privacy department, and other key stakeholders in order to build information security strategies and programs, develop and implement enterprise-level policies and standards.
2. Drive the framework University’s systems, infrastructure, cloud environments and solutions as it relates to security standards and compliance; develop and/or review system designs and architectures and make security-related recommendations that are aligned with regulatory and compliance requirements.
3. Provide guidance and consultation to the Enterprise Architecture team, as well as agile release teams and ongoing projects and initiatives, integrating optimal security controls as appropriate and required.
4. Perform information security risk assessments and provide clear recommendations for effective remediation of identified risks.
5. Maintain a strong understanding of information security technologies, concepts and trends based on changing threat landscapes.
6. Perform other duties as assigned or apparent.
NOTE: The primary accountabilities above are intended to describe the general content and requirements of this position and are not intended to be an exhaustive statement of duties. Incumbents may perform all or most of the primary accountabilities listed above. Specific goals or responsibilities will be documented in the incumbents’ performance objectives as outlined by the incumbents’ immediate supervisor or manager.
Job Supervisory Responsibilities
MINIMUM KNOWLEDGE, SKILLS, AND ABILITIES:
• Bachelor’s degree in Computer Science, Business or related area and/or a combination of education and additional job-related experience
• Eight (8) or more years of progressive experience in information security related roles, with at least 2 of those years directly related to a security architecture role
• Security-related certifications e.g., CISSP, CISM, CISA
PREFERRED KNOWLEDGE, SKILLS AND ABILITIES:
• Strong experience with NSX, ESX, security groups, container security, AWS security tools, Agile and DevSecOps methodologies
• Subject Matter Expert (SME) level knowledge of security tools, trends, methodologies and best practices for securing platforms and operating systems at the server, client and handheld level
• Thorough and current understanding of a wide range of threat vectors and their potential exploits against Systems-centric platforms and software
• Able to define and validate secure and durable reference architectures for Infrastructure Services
• Intimate knowledge of industry frameworks related to information security (e.g. ISO 27000, NIST, etc.)
• Strong experience in authentication, authorization, identity and access management technologies and processes
• Strong experience in Threat and Vulnerability Management in a large enterprise
• Strong experience with risk management methodologies and frameworks
• Strong understanding of regulatory requirements and how they impact information security functions
As an Equal Opportunity employer, we particularly encourage applications from members of historically underrepresented racial/ethnic groups, women, individuals with disabilities, veterans, LGBTQ community members, and others who demonstrate the ability to help us achieve our vision of a diverse and inclusive community.
Certified Information Security Manager
Certified Information Systems Security Professional