Hybrid onsite in Boston. Must be local to the Boston area. 2-3 days a week onsite.

Our client is seeking a Program Security Architect. The Program Security Architect will work with the Security Lead, Compliance Lead, Technical Lead, and product vendors. The primary responsibility is to implement business and technical controls that meet specific security requirements and to define processes and standards that maintain approved security configurations in the new Financial Solution. This role ensures confidentiality, integrity, availability, risk management, and compliance of the business solution.

We can facilitate w2 and corp-to-corp consultants. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.

As a key member of the project's Security Team, the Security Architect will work closely with other team members to develop and implement a comprehensive information security program. This includes:

• Design and recommend protocols and procedures for monitoring the product vendor's performance against Service Level Agreement standards regarding data security, annual security audits, and disaster recovery testing.
• Define security policies, processes and standards related to end- user roles, data access for application users, and how users will be provisioned and de-provisioned.
• Provide input on selection, deployment, and oversight of security technologies.

The Security Architect will participate in recommending strategies for:

• Monitoring compliance with vendor and Commonwealth IT security policies and applicable laws.
• Defining procedures for investigating and reporting security incidents.

The Software as a Solution (SaaS) model includes data security protocols and procedures that are audited annually by a third party. The Service Level Agreement (SLA) and contract documentation between the client and the system integration and product vendor outline the terms and conditions for maintaining data security, which will be monitored by the client. The Security Architect will assist the client in implementing necessary procedures to meet risk mitigation requirements and monitor vendor compliance with security protocols.
Specific Duties:
This position will focus on the Platform (hosting) security and will align with the BEST security lead on application/user security, including but not limited to:

• SSO for employees and for vendors.
• Will oversee security SLAs to ensure appropriate security reports are created, as well as create a process to for review to ensure SLAs are monitored.
• Work with other teams to oversee security testing (pen-testing) and to review/remediate results/issues, as necessary.
• Work with the Compliance Lead to develop strategies, procedures and recommended roles and responsibilities to enforce security requirements and address identified risks related to the use of the new Financials solution and suitability of underlying internal controls and technologies.
• Provide advice regarding end user security roles and groups, data access controls and security role provisioning (onboarding) and de-provisioning (offboarding) protocols to ensure that data are accessed appropriately in the new Financials solution.
• EOTSS Single Sign On (SSO), Identify Access Management (IAM),Multi-Factor Authentication (MFA), Cloud SaaS Vendor user access management, and Comptroller's access controls and provisioning processes.
• Single Sign On (SSO), EOTSS Identify Access Management (IAM), Multi-Factor Authentication (MFA), Cloud SaaS Vendor user access management, and Comptroller's access controls and provisioning process
• Implement agreed mitigations and solutions to address business and technology vulnerabilities.
• Document and implement technical controls, processes and procedures related to data security in conjunction with the BEST Security Lead, Technical Lead, Compliance Lead and Commonwealth Executive Office of Technology and Security Services (EOTSS).
• Assist security administrators and IT staff in the resolution of reported security incidents. Act as a liaison between incident response leads and subject matter experts. Monitor daily or weekly reports and security logs for unusual events.
• Assist in identifying security requirements, using methods that may include risk and business impact assessments. Components of this activity include but are not limited to:
• Review of SLA requirements agreed to by the Commonwealth and the SI and product vendor(s).
• Review of Commonwealth IT policies related to data security.
• Review of Commonwealth Risk Management Office assessments and recommendations regarding data security risk mitigation.
• Conduct additional business system analysis as needed. Design future state security solution supporting data and application security needs and environment security needs across multiple stakeholders.
• Identify business and technology security vulnerabilities and make recommendations to program leadership and stakeholders.
• Working with the BEST Compliance Lead, assess compliance with risk and cybersecurity frameworks and standards such as NIST, ISO, COSO, PCI, FERPA, and GLBA.

Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.

W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality.

Please be advised- If anyone reaches out to you about an open position connected with Eliassen Group, please confirm that they have an Eliassen.com email address and never provide personal or financial information to anyone who is not clearly associated with Eliassen Group. If you have any indication of fraudulent activity, please contact InfoSec@eliassen.com.

Job ID: 385179

About Eliassen Group:

Eliassen Group is a leading strategic consulting company that provides business and IT services for our clients as they seek to transform and execute strategies that will drive exceptional outcomes. Leveraging over 30 years of success, we focus on professional services, talent solutions, and life sciences. Eliassen Group offers local community presence and deep networks. We are committed to positively impacting the lives of our employees, clients, consultants, and the communities in which we operate.

Eliassen Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

Don't miss out on our referral program! If we hire a candidate that you refer us to then you can be eligible for a $1,000 referral check!