Job Summary

Sr Security Architect

  • Location:
    San Francisco , California
  • Category:
    Information Systems
  • Contract Type:
    Contract/Temp to Hire
  • Job reference:
    US_EN_6_17195_58681414

 
**Please call Aparna Sreeraman at 415 228 4275 or email Aparna.sreeraman at modis.com if you have any questions about the opportunity**
The Senior Security Architect provides security consulting support to business and project teams as to risk assessments and security controls, ensure architectural alignment relative to meeting defined security requirements and working to promote business enablement while maintaining an appropriate security posture relative to risk.  The Senior Security Architect also works to identify opportunities for standardization of security controls and practices across the enterprise rather than point solutions with the objective of making security, including technologies, processes and people, an intrinsic competency rather than an afterthought in addressing business and IT needs.  
This role will focus on security matters across all aspects of the enterprise including the development and/or acquisition of applications, databases and systems solutions that are responsive to business needs, address the technical requirements and are aligned with company security strategies, policies and standards.  This position plays a key role in helping to drive for maturation and effectiveness of our security controls while working to maintain a balanced approach commensurate with risk.  
 
The ideal candidate will be a key member of the IT Security Architecture organization responsible for applying architecture standards and principles to all aspects of the organization.  The candidate will be expected to be pragmatic, well organized, and results oriented in every aspect of your work.   We are looking for self-starters who are comfortable making good decisions and formulating creative solutions to business and operational problems as well as overall risk identification and mitigations.  
Specific Security Architecture responsibilities include, but not limited to, the following:
• Provide leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with the architecture direction and business strategies
• Highly collaborative -- work across the company to drive adoption of technical standards, design principles and architecture patterns
• Provide technical guidance and mentoring to engineers, designers and developers
• Develop Enterprise Architecture documents / artifacts from templates working with extended IT and Business teams
• Identify architectural risks and plans to mitigate risks, ensure adherence to standards and best practices
• Influences and communicates effectively with non-technical audiences including senior product and business management
• Maintain a broad knowledge of new technology tools and trends, and apply that knowledge to architecture designs
• Wide knowledge of architecture standards and patterns, a passion for advocating their correct usage
• Have excellent communication skills (written and verbal)
• Demonstrate strong problem solving ability and analytical skills
• Provide assessment of current state architecture and recommendation of future state architecture
• Documenting and publishing the portfolio application reference architecture, and guidelines and standards for designing and developing target state capabilities
• Key member of the Enterprise Architecture Review Board (EARB) for architecture governance
 
Specific Security Architecture responsibilities include, but not limited to the following:
• Strives to establish and foster positive working relationships and partnership across IT Security, business and project teams focused toward security being an enabler and BSC imperative to protect our member’s information by doing “the next right thing”
• Conducts security & vendor (Cloud) risk assessments as required
• Ensures compliance with regulatory and industry standards for infrastructure and information system security
• Represents security interests to project teams by ensuring security standards and requirements are defined as part of the deliverables.   Provides input and guidance on adherence to defined security requirements and/or means to address any identified gaps
• Evaluates new products, methods, and technologies to protect against existing and emerging security threats
• Provides project consulting, evaluating proposed solutions including vendor products for IT security risks and working to define and push for standards, identify gaps and apply compensating controls as deemed necessary
• Participates in the development of IT Security strategies, policies and standards
• Collaborates with business and project teams to ensure third party applications and services comply with our policies and principles
• Monitors the external application security threat landscape and recommends proactive actions to reduce risk to the enterprise
• Participates in driving encryption strategy and standards plus evaluates encryption solutions
 
Experience
 
• At least 10-15 years of related IT security and Security Architecture experience plus demonstrated ability to perform a risk-based approach to securing applications, databases or infrastructure based upon IT and business needs
• Experience in designing, architecting, and implementing complex enterprise applications, infrastructures, platforms and systems with security built in
• Understanding of software development methodologies and the security controls needed to support secure SDLC principles
• In depth understanding and knowledge of network security capabilities and best-practices (e.g. IPS/IDS, firewalls, proxies, BYOD, wireless security)
• Excellent written and verbal communication skills with strong relationship building skills
• Persuasive in influencing strategic security architecture direction, framing reference architectures and pattern components, specifying policies and standards, drive consensus on target state architectures, and influence roadmaps
• Skilled in applying strategic architecture direction to project delivery using standard engagement methods
• Fundamental working knowledge of industry-standard enterprise architecture models (e.g. TOGAF, NIST, SABSA) and approaches
• General understanding and familiarity with protecting against web and web services security vulnerabilities including the OWASP Top Ten and the SANS Top Twenty Five software errors
• Knowledge of HIPAA, HITECH, PCI-DSS, ISO 2700X and proper application of the Security and Privacy Rules.  Preferred knowledge of the HITRUST Common Security Framework and more prescriptive security requirements and controls
• Strong business acumen and a commitment to integrity, process improvement and customer satisfaction
• Broad understanding of distributed, highly-available computing environments, and proactively addressing threats and vulnerabilities at all layers
• Experience with TCP/IP and related protocols
• Knowledge and experience with securing virtualized platforms and solutions like IBM Portal Framework and VMWare ESX highly desired
 
Job Additional Education/Experience
 
• Knowledge of healthcare industry and industry related technology would be a strong plus
• Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
• Ability to rise above the security related FUD and focus on specific work priorities and execution with positive outcomes
• CISSP, CCSP, CISM or other security and/or Enterprise Architecture methodology certifications preferred
 
Will this candidate interface with IT and business teams? If so, which ones? Application development, Infrastructure Teams, Data management, databases, Cyber Defense Center (CDC) , Incident Management, Security Risk and Governance , IT compliance
1. Provide leadership, mentorship and advisory services to IT, business and project teams to ensure that solutions are in line with the architecture direction and business strategies 1. Knowledge of healthcare industry and industry related technology would be a strong plus
 
2. Provide technical guidance and mentoring to engineers, designers and developers
Develop Enterprise Architecture documents / artifacts from templates working with extended IT and Business teams
2. General understanding and familiarity with protecting against web and web services security vulnerabilities including the OWASP Top Ten and the SANS Top 20 controls. NIST.SP.800-53r4 background
 
3. 3. Knowledge of HIPAA, HITECH, PCI-DSS, ISO 2700X and proper application of the Security and Privacy Rules.  Preferred knowledge of the HITRUST Common Security Framework and more prescriptive security requirements and controls
Education Requirement: Bachelor's degree in Computer Science, Engineering or related field or equivalent work experience
Required Testing:
Software Skills Required:
Required Certifications: CISSP, CCSP, CISM or other security and/or Enterprise Architecture methodology certifications
 
 
 
 
 


Apply Below

OR

Note: Required fields marked with an asterisk (*).

*
Greeting



*
*
*
*
*
*
Primary Number
*
*
Preferences
[Ctrl (Cmd Mac) + Click] to select multiple industries
Upload your resume
*
Terms of Use
*

Or

Upload your resume using

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Equal employment opportunity information:
EEO is the Law (poster) | EEO is the Law (poster supplement) | Reaffirmation of Affirmative Action Policy Statement