Information Security Architect

Quantam Solutions provides IT solutions and consulting for various clients. We offer a competitive hourly wage, health benefits, paid time off, and a 401(k) plan. We're currently seeking an Information Security Architect.

About Our Client:

Our client is passionate about building and improving their community. Devoted healthcare professionals and application specialists contribute to the safety and health of our residents. Suppose you are searching for a purposeful role where you can make a tangible impact on healthcare and technological growth. In that case, we invite you to explore the rewarding job opportunities we present.

The Opportunity:

We're seeking highly motivated candidates for the Information Security Architect position, reporting to the Chief Information Security Officer. As the Information Security Architect, you will serve as the principal security advisor for planning, designing, implementing, maintaining, and analyzing systems within the division. As the Subject Matter Expert (SME) for all security operations, you will guide internal client developers and vendor partners on security strategy and requirements. Your role will be instrumental in analyzing the current state of the division's security program, designing future states, and creating implementation roadmaps to enhance security posture. Additionally, you will play a crucial role in designing, implementing, and maintaining robust security solutions to protect our organization's sensitive information and assets. Collaboration with various teams to assess security risks, develop strategies, and implement controls to mitigate threats effectively will be essential. This role requires a deep understanding of security principles, technologies, and industry best practices. Other responsibilities include:

Required Experience:

Security Program Development:

• Analyze the current state of the Division's security program and design future states, creating a roadmap for implementation.
• Develop a business case and key performance indicators (KPIs) and socialize the security program within the Division.

Security Policy Management:

• Assess, manage, and improve security policies and procedures to align with industry best practices and organizational objectives.
• Advise on security decisions and direction based on the Division's vision and mission.

Collaboration and Strategy Development:

• Collaborate with other Division Architects and the Security Operations Manager to develop global security strategies based on industry best practices.
• Advise on security decisions and direction based on a deep understanding of the Division's vision and mission.

Security Architecture Development:

• Develop and maintain a security architecture process aligned with business and technology drivers.
• Create security strategy plans and roadmaps based on enterprise architecture practices.

Security Standards and Procedures:

• Draft security procedures and standards for executive management approval or authorization by the Cabinet CISO.
• Determine baseline security configuration standards for operating systems, network segmentation, and identity and access management.

Risk Assessment and Response:

• Perform risk assessments, advise on risk response strategies, and identify security issues from system integration.
• Conduct or facilitate threat modeling of services and applications to mitigate associated risks.

Collaboration and Coordination:

• Coordinate with DevOps teams to advocate secure coding practices and escalate concerns about poor coding practices.
• Liaise with privacy and compliance officers to document data flows of sensitive information and recommend appropriate controls.

Security Operations Support:

• Support internal security controls testing and validation as directed by the CISO or internal audit team.
• Review security technologies, tools, and services and recommend their use based on security metrics.

Security Infrastructure Implementation:

• Evaluate, select, and implement security technologies, tools, and solutions to enhance the organization's security posture.
• Configure and deploy security infrastructure components such as firewalls, intrusion detection/prevention systems, endpoint protection, encryption, and authentication mechanisms.

Incident Response and Forensics:

• Develop incident response plans and procedures to mitigate security incidents effectively.
• Conduct post-incident analysis and forensic investigations to identify root causes and prevent future occurrences.

Security Awareness and Training:

• Develop and deliver security awareness training programs to educate employees on security risks and best practices.
• Provide ongoing support and guidance to staff regarding security-related inquiries and concerns.

Preferred Education & Experience:

• Bachelor’s degree in computer science, Information Security, or related field; advanced degree preferred.
• Proven experience (5 years) in information security architecture, design, and implementation.

Candidates with one or more of the following certifications are a plus:

• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), or other relevant certifications preferred.

This is a partial listing of the necessary knowledge, skills, and abilities to perform the job successfully. It is not an exhaustive list.

• Ability to set the tone for the organization and motivate management and team.
• Understanding information security regulations, including the Federal Information Security Management Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, COBIT NIST, and ITIL.
• Maintaining security, assessing and evaluating security, and doing security incident forensic work. Knowledge of vendors and their products, including: Experience with Government agencies, particularly the Department of Defense (DoD), on information security matters. Experience with Government Classified systems and the associated security requirements.
• Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations.
• Proficiency in Microsoft Office Suite (Word, Excel, Outlook, etc.)
• Innovative and creative mindset
• Basic network security knowledge (general principles)
• Excellent documentation and communication skills.
• Ability to organize tasks into milestones and successfully execute to project completion.
• Can work independently with little direct supervision.
• General cyber-security understanding