Job Title: Information Security Architect
Duration: 6 Months (Likely to extend)
Location: Boston, MA (Hybrid)
The Information Security Architect is responsible for ensuring that the organization's information security requirements are effectively integrated into enterprise architecture, including reference models, segment and solution architectures, and supporting information systems. This role ensures the organization's core missions and business processes are adequately protected.
Design Documentation:
Develop designs for configurations and controls to mitigate cyber and information security risks across applications, infrastructure, and data.
Ensure documentation of configurations aligns with organizational security standards.
Implementation Guidance:
Provide direction during the implementation of security configurations and controls.
Assist in testing and validating the effectiveness of implemented security measures.
IT Change Risk Assessment:
Engage with subject matter experts to identify security risks associated with IT changes and new technologies before implementation.
Configuration and Control Analysis:
Assess and document the current state of configurations and controls to identify potential weaknesses and gaps.
Provide recommendations to address changes in the cyber risk landscape.
Incident Response Support:
Actively participate in the Cyber Incident Response Team (CIRT) during investigations, incidents, and practice exercises.
Develop secure system designs using principles such as Zero Trust and micro-segmentation.
Provide expertise to the Information Security Risk Management Team for risk assessments of new technologies and use cases.
Guide technology teams to apply secure configurations for cloud services, solution platforms, data center environments, and IP networking, ensuring alignment with security standards.
Serve as a security representative on project teams, providing guidance throughout the project lifecycle.
Ensure security controls are designed, implemented, and documented.
Advise on remediation strategies for software and firmware vulnerabilities.
Develop risk-based security solutions that balance business requirements, compliance needs, and cyber risk.
Contribute to the Cyber Incident Response Team's activities.
Design, document, and implement enterprise-class security tools and systems.
Perform or supervise security assessments on critical technology infrastructure and applications.
Stay informed on global cyber threats and assess their potential impact on the organization's networks, systems, and applications.
Communicate complex technical topics to non-technical stakeholders.
Continuously recommend measures to protect user accounts, employee information, and constituent data.
Maintain a high standard of professional communication.
Identify and communicate emerging cybersecurity threats.
Monitor compliance with enterprise security policies and standards.
Document and maintain managed processes applying security requirements to team activities.
Provide courteous and professional responses to inquiries from customers, vendors, and colleagues.
Perform on-call support as needed.
Be available to assist with emergencies or events, which may require travel.
Required:
Bachelor’s degree or equivalent experience in computer, network, data, or cloud technologies.
Understanding of all layers of the OSI model.
Experience with security architecture frameworks.
Knowledge of cyber threat landscapes, vulnerability management, and security operations analytics.
Familiarity with cybersecurity frameworks such as NIST CSF and CIS 18.
Proven ability to perform risk assessments of applications, databases, and infrastructure.
Strong verbal and written communication skills.
Proficiency in creating and updating security documentation.
Ability to work independently and collaboratively.
Preferred:
Relevant certifications such as CISSP, CISSP-ISSAP, CISSP-ISSEP, CEH, or Security+.