You haven't searched anything yet.
Job Title : Security Architect
Job Location : Boston, MA (Hybrid- 4 days a month will be onsite)
Position Type : Contract
Job Description:
Position Summary :
The BEST Program Security Architect will work with the BEST Security Lead, BEST Compliance Lead, BEST Technical Lead, Executive Office of Technology Services and Security (EOTSS) security team, and product vendors. The primary responsibility is to implement business and technical controls that meet specific security requirements and to define processes and standards that maintain approved security configurations in the new Financial Solution. This role ensures confidentiality, integrity, availability, risk management, and compliance of the business solution. As a key member of the project’s Security Team, the Security Architect will work closely with other team members to develop and implement a comprehensive information security program. This includes:
The Software as a Solution (SaaS) model chosen by the Commonwealth includes data security protocols and procedures that are audited annually by a third party.
The Service Level Agreement (SLA) and contract documentation between the Commonwealth and the system integration and product vendor outline the terms and conditions for maintaining data security, which will be monitored by the Commonwealth.
The Security Architect will assist the Commonwealth in implementing necessary procedures to meet risk mitigation requirements and monitor vendor compliance with security protocols.
This role involves collaborating with program functional teams to identify end-user roles and permissions for implementing the new solution across in multiple agencies and user types, ensuring appropriate data access. User security procedures will be developed in conjunction with the BEST Security Lead, the system integration and product vendor, and agency staff responsible for user provisioning and deprovisioning.
The Security Architect will report to the BEST Security Lead, who reports to the BEST Solution Technical Lead. Close coordination with the BEST Compliance Lead and the BEST program's Independent Verification and Validation (IV &V) vendor will be required.
This role is responsible for translating complex security problems into sound technical solutions, providing technical security and architectural direction to technology business teams, ensuring that development efforts are adhering to security design and compliance standards and requirements, providing insights and guidance on overall secure system design, and documenting and communicating security architectural requirements.
Specific Duties
This position will focus on the Platform (hosting) security and will align with the BEST security lead on application/user security, including but not limited to:
o Work with Executive OTSS to onboard Advantage 4 to work with the Commonwealth Single Sign On - SSO for employees and for vendors.
o Remediate department users that are not on mass.gov, to create a way for those department user access Advantage 4 when not on mass.gov.
o Will oversee security SLAs to ensure appropriate security reports are created, as well as create a process to for review to ensure SLAs are monitored by the Commonwealth.
o Work with EOTSS on and oversee security testing (pen-testing) and to review/remediate results/issues, as necessary.
o Work with the BEST Compliance Lead to develop strategies, procedures and recommended roles and responsibilities to enforce security requirements and address identified risks related to the use of the new
Financials solution and suitability of underlying internal controls and technologies.
o Provide advice regarding end user security roles and groups, data access controls and security role provisioning (onboarding) and de-provisioning (offboarding) protocols to ensure that data are accessed appropriately in the new Financials solution.
o Participate in disaster recovery, business continuity, back up, operational set up and configuration, as well as support disaster recovery/business continuity testing, documentation, and improvement.
o Oversee execution testing of Security Incident Event Management (SIEM) across several security domains including Cloud SaaS vendor, Comptroller’s office, and EOTSS.
o Oversee integration testing of EOTSS Single Sign On (SSO), EOTSS Identify Access Management (IAM), EOTSS Multi-Factor Authentication (MFA), Cloud SaaS Vendor user access management, and Comptroller’s access controls and provisioning processes. o Implement agreed mitigations and solutions to address business and technology vulnerabilities.
o Document and implement technical controls, processes and procedures related to data security in conjunction with the BEST Security Lead, Technical Lead, Compliance Lead and Commonwealth Executive Office of Technology and Security Services (EOTSS).
o Assist security administrators and IT staff in the resolution of reported security incidents. Act as a liaison between incident response leads and subject matter experts. Monitor daily or weekly reports and security logs for unusual events.
Conduct additional business system analysis as needed. Design future state security solution supporting data and application security needs and environment security needs across multiple stakeholders. o Identify business and technology security vulnerabilities and make recommendations to program leadership and stakeholders.
findings, tracking progress and providing status updates to the BEST Team.
regulations pertaining to information security. Identify regulatory changes that will affect information security policy, standards, and procedures, and recommend appropriate changes.
Required Skills
• Experience with Software as a Service cloud implementations particularly those in which legacy on premise applications have been migrated to cloud delivery options.
Minimum Entrance Requirements
application programming interfaces (APIs), middleware, servers and storage, database management, data security, and system administration and operations
• Minimum of three years of security architecting design and implementation with security certifications, such as: SIA Security
In your response, please provide answers to the following questions:
Job Type: Contract
Pay: Up to $70.00 per hour
Expected hours: No more than 40.00 per week
Benefits:
Schedule:
Experience:
License/Certification:
Ability to Commute:
Ability to Relocate:
Work Location: Hybrid remote in Boston, MA 02108
Contractor
IT Outsourcing & Consulting
$133k-165k (estimate)
06/14/2024
06/18/2024
hireitpeople.com
EAST BRUNSWICK, NJ
25 - 50
2010
YASHODA D NANDAN
<$5M
IT Outsourcing & Consulting
If you need more information, please speak to a HR Specialist at (800) 693-8939 Option 1 Our expert HR Specialists will work with you for a smoother Transition from your present H1B Employer, we will negotiate with your Client or Vendor to move your Project to our Company. We have expertise in professionally handling Billing/Project Transfers and the entire H1B Transfer Process from Purchase Order through H1B Approval. Hire IT People, LLC does not require any employee to sign long-term Contracts. If situation changes and you have to resign from our Company, we will ensure to provide necessary ...Employment Verification and Experience letters immediately. However we retain records for over 5 Years, you may contact us anytime. Our on-time H1B filing will provide relief from any gaps in your H1B status. Our Company has good Track record with USCIS and our detailed documentation ensures H1B approvals, our expertise ensures that your H1B Transfer or H1B Extension goes as expected, while complying with the laws. Our documentation covers every aspect of H1B Employer-Employee Relationship Memo, while complying with the USDOL and USCIS Laws.
More
Show less
The job skills required for Security Architect include Cybersecurity, Information Security, Leadership, Risk Management, Incident Response, SIEM, etc. Having related job skills and expertise will give you an advantage when applying to be a Security Architect. That makes you unique and can impact how much salary you can get paid. Below are job openings related to skills required by Security Architect. Select any job title you are interested in and start to search job requirements.
The following is the career advancement route for Security Architect positions, which can be used as a reference in future career path planning. As a Security Architect, it can be promoted into senior positions as a Cyber Security Architect III that are expected to handle more key tasks, people in this role will get a higher salary paid than an ordinary Security Architect. You can explore the career advancement for a Security Architect below and select your interested title to get hiring information.