This site uses cookies. To find out more, see our Cookies Policy

Senior Application Security Architect in Southfield, MI at AF Group

Date Posted: 7/11/2018

Job Snapshot

Job Description



SUMMARY:



The enterprise security architect is responsible for analyzing the enterprise's information security environment and recommending security measures to safeguard its information assets. This means understanding the risk culture and the business requirements for security and how to best to meet those needs. This position will develop and implement security plans appropriate to the level of risk the enterprise faces.

The enterprise security architect acts as an advisor to the enterprise's business units, as well as to other risk management functions, such as the enterprise risk management, audit and business continuity management. For this reason, an up-to-date understanding of the latest security threats, trends and technologies is a crucial component of the position.

The enterprise security architect works closely with the other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes and standards. The enterprise security architect works with the IT department to select and deploy technical controls to meet specific security requirements, and defines processes and standards to ensure that security configurations are maintained. The enterprise security architect will assist in the selection and tailoring of approaches, methods and tools to support the enterprise.



RESPONSIBILITIES/TASKS:




  • Works with the business units and with other risk functions to identify security requirements, using methods that may include risk and business impact assessments.
  • Develops strategies and plans to achieve security requirements and address identified risks.
  • Reports to IS Leadership and management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
  • Improves quality results by evaluating, suggesting upgrades and directing changes.
  • Plays an advisory role in application development or acquisition projects, to assess security requirements and controls and ensures that security controls are implemented as planned.
  • Collaborates on critical projects to ensure that security issues are addressed throughout the project life cycle.
  • Assists in the development of security architecture and security policies, principles and standards.
  • Works with IT department and members of the information security team to identify, select and implement technical controls.
  • Develops security processes and procedures and supporting service-level agreements (SLAs) to ensure that security controls are managed and maintained.
  • Defines security configuration and operations standards for security systems and applications.
  • Assists with the resolution of negative audit findings reported by internal or external auditors.
  • Assists security team and IT staff in the resolution of reported security incidents.
  • Advises security team on normal and exception-based processing of security authorization requests.
  • Participates in security investigations and compliance reviews as requested by internal or external auditors.
  • Researches, evaluates, designs, tests, recommends and plans the implementation of new or updated information security technologies.
  • Researches and assesses new threats and security alerts and recommends remedial action.
  • Develops and fosters relationships with both business and technology customers and maintains strong relationships with technical teams.

    This position description identifies the responsibilities and tasks typically associated with the performance of the position. Other relevant essential functions may be required.





    EMPLOYMENT QUALIFICATIONS:



    EDUCATION OR EQUIVALENT

    EXPERIENCE:



    Bachelor's degree in information systems or related field. Combinations of relevant education and experience may be considered in lieu of a degree. Continuous learning, as defined by the Company's learning philosophy, is required. Certification or progress toward certification is highly preferred and encouraged. Certification from industry respected groups such as: Information Systems Security Certification Consortium, Inc., (ISC)²®, CISSP, or SysAdmin, Audit, Network, Security Institute (SANS)/The Global Information Assurance Certification (GIAC) strongly preferred.



    EXPERIENCE:



    Ten years relevant information services experience which provides the necessary skills, knowledge and abilities. Experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001 and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks, Experience developing, documenting and maintaining security policies, processes, procedures and standards. HITRUST experience desired.



    SKILLS/KNOWLEDGE/ABILITIES (SKA) REQUIRED:




  • In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • Knowledge of developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Extensive knowledge and understanding of computer systems architecture and design, computer industry trends and project management.
  • Technical knowledge of mainstream operating systems (for example, Microsoft Windows and Linux and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, automated policy compliance and desktop security tools.
  • Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts.
  • Strong analytical skills, to analyze security requirements and relate them to appropriate security controls.
  • Ability to interact with personnel at all levels and across all business units and organizations, and to understand business imperatives.
  • Strong leadership abilities, with the capability to develop and guide information security team members and to work with only minimal supervision.
  • Strong written and verbal communication skills.
  • A strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.



    WORKING CONDITIONS:



    Work is performed in an office setting with no unusual hazards. Some travel is required.

    The qualifications listed above are intended to represent the minimum education, experience, skills, knowledge and ability levels associated with performing the duties and responsibilities contained in this job description.

    We are an Equal Opportunity Employer. Diversity is valued and we will not tolerate discrimination or harassment in any form. Candidates for the position stated above are hired on an "at will" basis. Nothing herein is intended to create a contract.

    Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled