Job Title: Security Architect
Location: Chicago, IL
Project Duration: 6+ Months (Extensions likely)
- The client is seeking an experienced security architect to collaborate with the Compliance, Audit and Risk team to identify & prioritize risk components, technology audits, and compliance issues respectively for the IS organization. Based on the prioritization, the architect will create and maintain the 12 to 36 month strategy and direction for information security technologies.
- This position reports to the Senior IS Security Manager.
Role Specific Responsibilities:
- Create security architecture standards for adoption of new technology
- Identify, quantify, and provide recommendations for secuirty risks as it relates to enterprise projects.
- Partner with CAR, Engineering and IT leaders to drive security strategy and direction
- Produce management reporting, including appropriate metrics that inform senior leadership as to the state of information risk and exposure
- Understands security product / service cost drivers and industry and business trends impacting the US Cellular information security program
- Recognizes and identifies potential areas where existing security polices and procedures require change, or where new ones need to be developed, especially regarding future business expansion
- Provide information security matter expertise to technology teams and projects
- Evaluate and recommend security software/hardware and its integration into existing architecture (Proof of Technology)
- Consult with business clients and 3rd parties on security architecture
- Research and benchmark security infrastructure technologies as it relates to the organization
- Ensure that the organization is leveraging the proper technologies to meet SOX, PCI, and CPNI compliance.
- Ensure compliance with local regulations e.g. local encryption regulations and privacy law
- College degree in related technical / business areas and/or 7 to 12 years equivalent work experience
- 3+ years experience as a security architect or consultant for a Fortune 500 company
- CISSP certification a plus or other relevant security certifications
- Professional security management certification, such as a Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.
- In depth knowledge of information security practices related to PCI, SOX, CPNI, and OWASP application security.
- Solid understanding of information security standards and frameworks (NIST, ISO27001, etc.)
- Experience implementing security at the application, network and operating system levels
- Experience with mainstream IT Technologies, such as products from Oracle, and IBM
Relevant Technical Skills:
- Information Risk Mgmt: Content filtering technologies, application firewalls, vulnerability scanners, LDAP, security incident response, encryption, Identity Management (IdM)
- O/S: Linux (Red Hat, SUSE), Windows (2008 Server, XP, Windows 7), UNIX, AIX
- Network: Firewalls, Proxy Servers, Reverse Proxy Servers, IPS, Wireless Security
- Data Governance: Data Loss Prevention, File Integrity Monitoring, SEIM