Senior Cyber Risk Management Architect
A prestigious company is on the search for a Sr. Cyber Risk Management Architect. This role will be responsible for the planning, development and implementation of enterprise information security solutions (such as authentication and authorization, public key infrastructure, data loss prevention, and security event information management) to address the current and emerging security needs of the business. This person needs to have experience with API application security, advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application. Also needed is experience with one or more of the programming languages such as C, C++ Java Python.
- Contributes to a team that ensures the security of enterprise data and systems by developing enterprise information security solutions.
- Creates and updates a view of IT assets, related attack surfaces, and threat actors to illustrate the flow of data and associated security threats.
- Researches, designs, and develops new enterprise technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors.
- Serves as a security expert in one or more of application development, database design, network, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks and contributes to the development and maintenance of information security architecture.
- Engages with security specialists and other functional area architects to ensure adequate enterprise security solutions are in place to sufficiently mitigate identified risks, and to meet business objectives and regulatory requirements.
- Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks.
- Serves as an expert in one or more of platform, application, storage, network, virtualization, cloud and mobile security best practices.
- This list is not all-inclusive and you are expected to perform other duties as requested or assigned.
- A working understanding of architecture-level information security and appropriate use enforcement technology solutions including advanced malware detection/prevention, mobile device virtualization/MDM, cloud security management, structured and unstructured database encryption, mobile application and remote API security, fine-grained application authorization and access control, security event visualization, big data user and entity behavior analytics, active adversary deception, and others.
- Demonstrated understanding of contemporary security theory and application (including vulnerabilities, exploitation techniques and attack vectors).
- Strong understanding of systems development life cycle.
- Knowledge of open security testing standards and projects, including OWASP.
- Relevant security certifications (CISSP, OSCP, OSCE, GPEN, GXPN, CEH).
- Knowledge of laws, regulations, and standards relevant to the US Healthcare industry.
Excellent written and verbal communication skills (including technical writing, documentation development, process mapping, and visualization). Must be able to effectively communicate technical concepts to a non-technical audience