Cyber Security Architect

Our 4B in revenue client is the acknowledged leader in their field and is aggressively growing organically and through M&A activity across the globe. They’re committed to staying ahead of that growth from a Cyber/ Information Security perspective and are currently going through a complete current state/ future assessment and redesign of their Program to ensure maturity, governance and compliance

The Cyber Security Architect is a strategic role responsible for ensuring security is seamlessly integrated into the lifecycle of cloud infrastructure and product offerings. The focus is designing, reviewing, and implementing robust security solutions to protect sensitive data and business logic within a portfolio of products and software applications, including cloud-based and on-premises solutions. More specifically, you’ll work closely with cross-functional teams to achieve cyber security business objectives, support the implementation of secure development practices, threat modeling, architecture, design, vulnerability assessments and security verification, as well as defining the security standards for a variety of products, cloud applications and infrastructure, security tools and processes.

Responsibilities and Deliverables:

• Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Design and implement robust security architecture for cloud environments (AWS, Azure, Google Cloud) and product platforms and implement security solutions and capabilities that are aligned with business, technology, and threat drivers
• Collaborate with cross-functional teams to define security requirements for new and existing products or applications
• Lead threat modeling sessions to identify and mitigate potential security risks
• Perform security architecture reviews, identifies gaps in security architecture across cloud and on-premises solutions, and develops a security risk management plan
• Design and develop secure product and software architecture for various commercial products
• Develop- security product and software strategy plans and roadmaps based on sound enterprise architecture practices for all environments, including cloud and on-premise infrastructure
• Develop- and maintain- security architecture artifacts (e.g., models, templates, standards NFR’s, and procedures) that can be used to leverage security capabilities in projects and operations
• Collaborate with development and operations teams to integrate security into the software and product development lifecycle (SDLC & PDLC)
• Provide guidance and training to internal teams on security best practices
• Lead security-related projects/ initiatives, ensuring timely and effective delivery
• Partner with development teams to proactively communicate product security requirements and promote control frameworks to ensure secure goals are met
• Explain technical positions/risks to business leaders and business positions/risks to technical leaders to achieve appropriate security outcomes
• Coordinate- with the privacy office to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenization)
• Engage with vendors to select solutions and conduct architectural reviews of their offerings as needed
• Track- developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
• Conduct regular security assessments and audits of the platforms
• Serve as the primary liaison between the enterprise architect and the systems security engineer and coordinates with system owners and security engineers on the allocation of security controls as system-specific, hybrid, or common controls.

Serious Candidate Requirements:

• US Citizens currently working for a US based firm – REQUIRED!
• 10 years of hands-on Architectural experience
• 5 years of Security Architecture (Information/ Application/ Cloud Security)
• 5 years of Core Product security and Software development background
• Background with large, multinational corporate security environments
• Strong, hands-on experience in Threat Modeling and Security Architecture Reviews as per industry standards.
• In-depth knowledge of “Secure by Design”
• Experience with Open Security Architecture (OSA), The Open Group Architecture Framework (TOGAF), Sherwood Applied Business Security Architecture (SABSA), SANS' GAIC.
• Architecture methodologies experience (SABSA, Zachman, TOGAF, etc.)
• Familiarity with regulatory and compliance requirements like FedRAMP, PCI-DSS, NIST, HIPAA.
• Ability to articulate security requirements for building/ delivering pipelines.
• Strong, hands-on expertise in Microsoft Azure, GCP, and AWS to secure cloud applications and SaaS products.
• Strong, hands-on experience in Secure SDLC, PDLC, SAST, SCA, DAST, Container Security and Penetration testing.
• CCSP (Certified Cloud Security Professional) and/or security certifications, such as CISSP, CISA, CRISC, and CISM.
• Bachelor's degree

Additional Experience a Plus:

• Product Security experience (Digital assets, physical products, etc.)
• Manufacturing and Operational Technology (OT) security