
Posted: Wednesday, November 15, 2017 12:13 AM


Information Security Architect

job details:

location: Herndon, VA

salary: $88 per hour

job type: Temp to Perm


Randstad Technologies is searching for a dynamic, experienced individual to lead our client's information security assessment and protection functions, shaping the future company blueprint for information security. The Information Security Architect position is responsible for the establishment of and assessment against Information Security architecture policies, standards and guidelines to ensure that systems are designed and built in a manner that minimizes security risk while ensuring business needs are met. The Security Architect will implement mechanisms to empower technology owners to easily locate and mitigate risk.

Are you ready to make a difference by:

Reporting to the Senior Director of Information Security, Audit and Compliance, in close partnership with security personnel and cross-functional teams, you will develop the guidelines, templates, and tools used to achieve desired risk levels and secure our client's data and intellectual property. You will provide deep technical expertise and leadership. You will be our customers' advocate and educate others on key security principles and requirements. You will be part of an experienced team of security professionals whose mission is to fanatically protect our Company and our customer's data.

Being a collaborative disrupter who works with a sense of urgency and an eye toward the future, understanding where the organization should be headed regarding information security, helping to build the framework to get there and partnering with key stakeholders to implement the vision. Ideal applicants are quick on their feet, love to take risks, and will constantly challenge assumptions. The Architect works with various areas of the business to collaborate on strategy, help design secure solutions, and build standards for how those solutions should be implemented and maintained in the future.

Providing expert guidance and security oversight for projects, technical architecture, vendor and product selection. The Architect will provide technical leadership to solution designers and delivery teams. The Security Architect will work with infrastructure and end-user support organizations on the execution of security strategic initiatives.


· Provide security architecture expertise in support of application and system development, infrastructure, and enterprise technology projects to ensure responsible risk management

· Assess project requirements related to application, network and infrastructure security, including assessment against our client's security policy and standards, conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates

· Provide support to Business Partners during RFP and contract processes. Perform security due diligence reviews of potential vendors as part of the RFP process and for regular third-party security risk assessments to ensure the company's data and systems are appropriately protected

· Identify and document architectural and other security risks associated with the solution architecture, and mitigating controls where necessary

· Develop, implement and continue to mature the security architecture policies, standards, practices and guidelines, ensuring that they remain aligned with business objectives, meet regulatory and contract requirements and are updated to address changes to the risk landscape

· Define and maintain security architecture and roadmap based on ongoing research, evaluation work on next generation security technologies and understanding of best practices, marketplace, and emerging threats

· Build relationships, and influence decision makers in technology groups and business units across the client to create, refine, deliver and evangelize information security standards that balance business and security priorities

· Report on comprehensive cyber security risk score

· Develop and own assessment tools, processes and practices in order to produce a meaningful and impactful set of metrics

· Develop and own assessment tools that are easy to use and which apply industry best practices to highlight key risks

· Maintain industry expertise by tracking and understanding emerging security practices and standards; participating in educational opportunities; and interfacing with the security community including thought-leaders, industry peers, customers, and auditors

· Mentor technology teams and evangelize security practices to contribute to a collaborative and healthy learning environment

· Provide mitigation strategies in the design and development of systems to ensure security risk is minimized by having familiarity with the current threat environment and how these threats can exploit known vulnerabilities


5+ years combined hands-on experience with information systems security, design, development, implementation and support

3+ years of directly building and managing information security architecture and risk governance

BS in Computer Science or equivalent experience preferred

Industry certifications, such as CISSP, CISA, GSEC, etc

Thorough understanding of risk management principles and processes

Experience leading security assessments of large, enterprise-wide systems

Experience creating security assessment tools, producing reports on organizational security posture, and developing company risk governance frameworks

Experience applying CIS, SOC2, PCI, and other control frameworks to identify security gaps and prioritize their remediation

Experience with hosted and cloud services, especially SaaS and PaaS, and the related security implications and control approaches

Key Competencies

Thorough knowledge and understanding of software technologies, as well as the methods used in performing risk analysis

Experience with common operating systems and server platforms (e.g. Windows, Linux, UNIX)

Knowledge of Networking, Virtualization, Storage and Cloud Technologies including but not limited to secure implementation of: local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), wireless networks (Wi-Fi), switches, routers, firewalls, wireless access points and related security and network devices; Hypervisors, VMs and VDIs; Storage Area Networks (SAN), Network Attached Storage (NAS), CIFS, SMB and relevant security and replication technologies

Excellent understanding of cloud security and experience with design and/or implementation of applications in the cloud; understanding of cloud deployment models: Private Cloud, Public Cloud, Hybrid Cloud; cloud service models: Infrastructure as a service (IaaS), Platform as a service (PaaS) and Software as a service (SaaS); implementation of relevant controls to ensure Confidentiality, Integrity and Availability of our client's data

Extensive knowledge of technical security controls and technologies (e.g. IDS, IPS, traditional, NextGen and Web Application Firewalls; Data Loss Prevention; Antivirus, Anti-malware and Zero Day technologies; Security Information and Event Management (SIEM); Access and Identity Management and Privileged User Management; Public Key Infrastructure and Certificate management)

Clear understanding of IAM workflows, tools and technology in the Identity and Access Management area

Ability to obtain a working knowledge of all areas of the organization and the ability to develop a clear understanding of the client's key functional processes and critical customer services

Communication skills - the ability to verbally communicate technology-related issues and security-related issues to every level of the organization (end-users, IT staff, managers, vendors, contractors, etc.). Written communication skills are also important for writing security-related policies, standards and awareness documents

Experience in policy/standard creation and acceptance

Ability to consistently categorize, measure, and prioritize security risks, express them in the language of the business unit to make them easily digestible by system owners, and assist in their mitigation

Expert collaborator who lives and believes an "options before obstacles" mindset

Strong understanding of security tenets, such as encryption/key management, network design, access control, incident containment

Knowledge of the intricacies related to NIST, HIPAA, SOX, PCI, or state privacy laws

Analytical and creative thinker, thorough and detail-orientated deliverer who works with a high sense of urgency

Can work independently with minimum direction and can manage own workload/commitment. Works efficiently and accurately in a fast-paced environment

If you or someone you know may be interested in being considered for this role, please reach out to ASAP with your resume!

• Location: Herndon, VA, Northern Virginia

• Post ID: 38905607