Information Security Architect

JOB SUMMARY: The Information Security Architect serves as a trusted advisor, bridging business objectives and technical requirements while ensuring that security is a foundational component of all projects, processes, and enterprise initiatives.

Under the direction of the Chief Information Security Officer (CISO), the Information Security Architect is responsible for collaborating with cross-functional teams across the enterprise to design, implement, and recommend robust security measures to protect information assets in alignment with FPI’s security objectives. This role demands a deep understanding of security frameworks, evolving threats, and state-of-the-art technologies, with a particular emphasis on leveraging and securing cloud platforms, including the Microsoft Azure environment.

ESSENTIAL FUNCTIONS:

• Identify and implement security design gaps in existing and proposed architectures, ensuring recommendations align with industry standards, technology strategies, and organizational goals.
• Design and implement security requirements and controls for Microsoft Azure environments, leveraging Azure-native tools such as Azure Security Center, Azure Sentinel, and Azure Entra ID.
• Develop secure, scalable architectures that account for hybrid and multi-cloud environments, incorporating Azure-specific capabilities like Azure Policy, Key Vault, and role-based access control (RBAC).
• Ensure that all project rollouts meet stringent security standards and are effectively integrated with existing applications and systems, particularly within the Azure ecosystem.
• Collaborate with cross-functional teams, including Information Technology, DevOps and application developers to embed security measures into CI/CD pipelines, utilizing Azure DevOps and Infrastructure as Code (IaC) toolsets.
• Assist in incident response activities and security investigations.

Risk Assessment and Mitigation:

• Conduct comprehensive security assessments for enterprise systems and networks, with a focus on Azure-based solutions.
• Recommend and implement mitigations for identified vulnerabilities, including configuration of Azure Network Security Groups (NSGs) and Application Security Groups (ASGs).

Documentation and Compliance:

• Assist the Information Security team with reporting, auditing, and compliance activities, ensuring adherence to governance models such as NIST CSF V.2, ISO 27001 and other relevant frameworks.
• Draft, maintain, and update Financial Partners documentation repository of security standards, policies, procedures, and architectures.

Business Liaison:

• Serve as an Information Security Advisory Committee (ISAC) liaison and trusted advisor between stakeholders and Association technical teams to address complex business problems with secure and practical solutions.
• Develop and maintain strong relationships with customer Association business units, ensuring security initiatives are effectively communicated and supported across the organization.
• Mentor and train team members and other stakeholders on security best practices.

ADDITIONAL FUNCTIONS:

• Provide expert guidance to stakeholders on implementing security best practices and Azure-specific security configurations.
• Serve as a key stakeholder in evaluating and recommending security products and services tailored to cloud environments, including a primary focus on Azure-native tools.
• Stay informed about emerging threats and vulnerabilities, particularly those targeting Azure platforms, and proactively communicate risks and mitigation strategies to the appropriate teams.
• Foster close collaboration with cross-departmental business teams to champion and drive support for and adherence to security initiatives.

OTHER DUTIES: This job description is not exhaustive and is subject to change to meet the evolving business needs of Financial Partners. Employees may be required to perform other duties within the scope of their role as necessary.