We’re recruiting for an Information Security Architect to work a 12-month contract-to-hire spot for our local client.
NO THIRD PARTIES AND NO C2C PLEASE.
You must live in Western/Central NY.
Information Security Architect
Summary:
The Information Security Architect assists in the development and execution of the information security risk management strategy, risk assessment philosophy and the IT components of the Enterprise Risk Management program. This position participates in IT security investment analysis, design, scope and approach. The primary responsibility is to provide technical expertise for the Information Security Group and serve as a trusted security advisor to the business and divisional initiatives. The architect helps to ensure a secure, risk based, and cost-effective infrastructure and application design is developed and maintained. This position advises and consults with Information Security management, and various levels of business and IT leadership, regarding the protection of corporate information and the direction of the Information Security Program.
Essential Accountabilities:
- Participates in development and implementation of security architecture principles and standards that align to the Organization’s overall business and strategy.
- Drives adoption and compliance of security standards across development and infrastructure teams both inside of and under contract with the Organization.
- Creates functional and technical security requirements and sees them through the project lifecycle.
- Executes an overall risk management strategy with key business and divisional stakeholders. This risk management strategy includes enterprise integration of risk management into operational, regulatory/statutory, financial, technical, and security processes, including the creation of robust disaster recovery and/or business continuity plans.
- Performs risk-based assessments of solutions and vendors to ensure appropriate security controls are adhered to.
- Provides security consultation, including design, reviews, and recommendations for various projects and initiatives.
- Supports the team by providing hands-on support for technologies owned and operated by the Security and Risk Department.
- Establishes collaborative working relationships in the division and across the organization and subsidiaries to ensure that Information Security risks are managed, and the solutions align with the business strategy.
- Develops processes, standards, and templates for managing information security risks. Supports the implementation of new standards and solutions in close collaboration with other divisional teams to allow the Organization to protect information assets (applications and infrastructure solutions) efficiently and effectively.
- Consistently demonstrates high standards of integrity by supporting the Lifetime Healthcare Companies’ mission and values, adhering to the Corporate Code of Conduct, and leading to the Lifetime Way values and beliefs.
- Maintains high regard for member privacy in accordance with the corporate privacy policies and procedures.
- Regular and reliable attendance is expected and required.
- Performs other functions as assigned by management.
- Leads the development and implementation of security architecture principles and standards that align to the Company’s overall business and strategy.
- Helps develop an overall risk management strategy with key business and IT stakeholders.
- Fosters a risk management culture through education, skill development, and implementation of effective risk management processes and practices.
- Acts as a mentor for department staff, providing subject matter expertise to the division.
Skills:
- 7+ years of experience in an Information Technology Security Role.
- Bachelor’s degree in computer science, information technology or relevant field. In lieu of a degree, six (6) additional years of experience required.
- Exceptional communication and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
- Ability to work collaboratively with all stakeholders, both inside and outside of the Organization.
- Experience with the following applications or enterprise security components preferred:
  - Identity and access management architecture and implementation, user provisioning/de-provisioning, single sign-on
  - Enterprise directories (AD and LDAP)
  - Multi-factor authentication
  - Network and application-level security and encryption
  - Security event management
  - Firewall architecture and design
  - Cloud Security Controls
  - Web server security
  - Application security
  - PKI system implementation
  - Data loss prevention systems and implementation
  - Intrusion detection and prevention systems for network and host systems
  - Remote access security controls
  - Mobile security
- Familiarity with Sarbanes-Oxley, HIPAA, HCFA, PCI DSS and other regulations impacting security (with ISO 27001 and NIST security standards) is preferred, as well as COBIT and COSO familiarity.
- Demonstrated ability to work with a diverse team and assist in developing and shaping the Organization’s Security Architecture.
- Ability to translate real-world threats into actionable security tasks by balancing functionality and performance needs with prudent security measures. This includes having a thorough understanding of the ramifications of various system security decisions.
- Prior experience with architecture processes, strategies, and standards required.
- Experience coordinating vendor solution delivery and partnering effectively with vendors to meet business needs.
- At least one security industry certification (e.g., CISSP, CISA, CISM, SANS) preferred.
Qualifications:
- Bachelor’s or better in Computer Science.
- Bachelor’s or better in Information Technology.
Licenses & Certifications Preferred