CLIENT organization is seeking an experienced security architect to collaborate with the Compliance, Audit and Risk team to identify & prioritize risk components, technology audits, and compliance issues respectively for the IS organization. Based on the prioritization, the architect will create and maintain the 12 to 36 month strategy and direction for information security technologies.
This position reports to the Senior IS Security Manager and includes the following
Role Specific Responsibilities
•Create security architecture standards for adoption of new technology
•Identify, quantify, and provide recommendations for security risks as it relates to enterprise projects.
•Partner with CAR, Engineering and IT leaders to drive security strategy and direction
•Produce management reporting, including appropriate metrics that inform senior leadership as to the state of information risk and exposure
•Understands security product / service cost drivers and industry and business trends impacting the US Cellular information security program
•Recognizes and identifies potential areas where existing security polices and procedures require change, or where new ones need to be developed, especially regarding future business expansion
•Provide information security matter expertise to technology teams and projects
•Evaluate and recommend security software/hardware and its integration into existing architecture (Proof of Technology)
•Consult with business clients and 3rd parties on security architecture
•Research and benchmark security infrastructure technologies as it relates to the organization
•Ensure that the organization is leveraging the proper technologies to meet SOX, PCI, and CPNI compliance.
•Ensure compliance with local regulations e.g. local encryption regulations and privacy law
•College degree in related technical / business areas and/or 7 to 12 years equivalent work experience
•3+ years experience as a security architect or consultant for a Fortune 500 company
•CISSP certification a plus or other relevant security certifications
•Professional security management certification, such as a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
•In depth knowledge of information security practices related to PCI, SOX, CPNI, and OWASP application security.
•Solid understanding of information security standards and frameworks (NIST, ISO27001, etc.)
•Experience implementing security at the application, network and operating system levels
•Experience with mainstream IT Technologies, such as products from Oracle, and IBM
Relevant Technical Skills
•Information Risk Mgmt: Content filtering technologies, application firewalls, vulnerability scanners, LDAP, security incident response, encryption, Identity Management (IdM)
•O/S: Linux (Red Hat, SUSE), Windows (2008 Server, XP, Windows 7), UNIX, AIX
•Network: Firewalls, Proxy Servers, Reverse Proxy Servers, IPS, Wireless Security
Data Governance: Data Loss Prevention, File Integrity Monitoring, SEIM
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178
Intrusion Detection And Prevention