Security Architect

Job Description

Job Description

Job Role : Security Architect

Location : Washington DC (Hybrid role)

Duration : 6 months contract role

Essential Job Functions :

Experienced IT professional establishing the direction for enterprise-wide projects and contributing to strategies, plans, and policies related to security, risk management, and / or compliance.

Consults to project teams where significant risk, security and compliance issues are involved, including those that have not been encountered before and / or have broad implications for the enterprise.

Empowered to make decisions at the enterprise level which can impact all ITS and WBG, functions independently with limited work direction.

Takes a lead role in developing the risk management, security, and / or compliance plan for a project, ensuring design is compliant with policy, operational requirements and within defined risk appetite.

Creates advisory documents or project artifacts in standard situations; identifies root causes of risk, security, and / or compliance incidents that arise and directs the resources necessary to resolve them.

Conduct risk, security and compliance audits / assessments and define strategies to address identified issues and prioritize risk treatment options to manage risk within defined appetites.

Monitors emerging trends in IT security, risk management and compliance, and makes recommendations to management.

Assist with the establishment and maintenance of a framework to provide assurance that internal controls and processes meet best practice and audit requirements.

Designs controls, standards and key risk and performance indicators. Educates colleagues in their area(s) of expertise and assists in the development of awareness and compliance training programs.

Provides technical expertise on the administration of tools relates to their area(s) of expertise.

Provides guidance to project teams on security / risk management / compliance issues; ensures that project plans / technology initiatives are compliant. Resolves project problems related to their area(s) of expertise.

Provides technical guidance and mentorship to team members.

Leads programs to enhance security / compliance / risk awareness across the WBG

Develops innovative solutions, contributes new insights to understand situations and develops solutions to resolve complex problems. Identifies and pursues innovative approaches to resolve issues.

Participates in the evaluation of emerging technologies that are new to the information systems industry. Applies knowledge across WBG to strengthen solutions for internal and / or external clients.

Must Have :

Experience with enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements.

Demonstrated hands-on experience with Infrastructure as Code (IaaC), including specific examples of automating and managing infrastructure through code in previous roles.

Proven knowledge and application of Artificial Intelligence, Machine Learning, and Generative AI, with real life solutions of using these technologies to address complex challenges.

Extensive experience in API security, successful implementation of robust security practices and protocols to ensure the protection and integrity of APIs.

Familiar with Microsoft, Azure, and Office 365 technology platforms, applications, and security controls for such Microsoft technologies.

Familiar with Agile practice at an enterprise scale. Familiar with Scaled Agile Framework (SAFe) is a plus.

Selection Criteria :

Master's degree with 8 years relevant experience or bachelor's degree with a minimum of 10 years relevant experience. Sample degrees : Computer Science, Information Management, and Information Systems.

Experience in providing guidance for application security, risk assessment, and data protection based on data sensitivity and associated business risks.

Experience with enterprise security architecture design and implementation for a financial services organization or other organizations with similar information security needs and requirements.

Demonstrated hands-on experience with Infrastructure as Code (IaaC), including specific examples of automating and managing infrastructure through code in previous roles.

Proven knowledge and application of Artificial Intelligence, Machine Learning, and Generative AI, with real life solutions of using these technologies to address complex challenges.

Extensive experience in API security, successful implementation of robust security practices and protocols to ensure the protection and integrity of APIs.

Familiar with Microsoft, Azure, and Office 365 technology platforms, applications, and security controls for such Microsoft technologies.

Familiar with Agile practice at an enterprise scale. Familiar with Scaled Agile Framework (SAFe) is a plus.

Experience guiding project team remediating common application vulnerabilities.

Certification Requirements :

Certified Information Systems Security Professional (CISSP) is a plus.

GCP, AWS or Microsoft Certified Cloud Solution Architect certification is a plus.

Required Skills / Abilities :

Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications.

Work independently with minimal supervision, and ability to work well under pressure and meet tight deadlines.

Hands-on experience with Infrastructure as Code (IaaC), demonstrating proficiency in automating and managing infrastructure through code.

Extensive knowledge of Artificial Intelligence, Machine Learning, and Generative AI is essential, with the ability to apply these technologies to solve complex problems.

Strong experience in API security is required, ensuring the protection and integrity of APIs through robust security practices and protocols.

Excellent written and verbal communication skills.

Solid understanding of security protocols, cryptography, authentication, authorization.

Solid understanding of DevSecOps, Infrastructure-as-Code, Policy-as-code.

High level of motivation, confidence, integrity, and responsibility.

Knowledge of best practices and standards for enterprise security architecture, specifically in the field of Identity & Access Management, Enterprise Content Management, Collaboration Tools, Service-Oriented Architecture, Cloud, Mobility, Data Analytics, and Web 2.0 related services.

Practical knowledge of common Web vulnerabilities as per SANS 25 or OWASP Top 10 specifications.

Excellent interpersonal skills including the ability to work independently and effectively in a team / task force as a team member or leader, and with senior staff and managers in the unit and elsewhere in the WBG.

Ability to collaborate with senior management stakeholders to identify requirements and drive compliance with approved standards.

Please send your resumes to :

manoj@eagleiitech.com