In your response, please provide answers to the following questions:
- How many years of direct experience does the candidate have in implementing business and technical controls to meet specific security requirements of a large, complex organization?
- How many years of experience does the candidate have implementing and supporting such controls within a Software as a Service (SaaS) IT environment?
- Please list any relevant professional certifications the candidate has.
Title: Program Security Architect
Location: Hybrid - McCormack Building, One Ashburton Pl 17th floor, Boston, MA 02108
Duration: 18-24 Months
Interview Process: 2 rounds
Required Skills
- In-depth exposure to technical configurations, technologies, and processing environments in one or more projects of similar size and complexity to BEST.
- In-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Documented experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x and the ITIL, SOX, COBIT and National Institute of Standards and Technology (NIST) frameworks.
- Experience in architecting and implementing cloud-based security solutions.
- Strong knowledge of security tools and capabilities, such as IDM and SSO.
- Extensive experience in integrating security tools and third-party vendor solutions.
- Exceptional planning, organization, communication, prioritization, and business analysis skills.
- In-depth knowledge of risk assessment methods and technologies.
- Proficiency in performing risk, business impact, control, and vulnerability assessments.
- Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity and access management (IAM) systems, anti-malware solutions, privileged access management (PAM), data loss prevention (DLP), encryption at rest and in transit, multi-factor authentication (MFA), endpoint security, vulnerability scanning and patch management, automated policy compliance tools, and desktop security tools.
- Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
- Knowledge of network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Documented written and verbal communication skills.
Preferred Skills
- Experience with Software as a Service cloud implementations, particularly those in which legacy on-premises applications have been migrated to cloud delivery options.
- Security solution design and development leveraging multiple security teams with disparate roles and responsibilities using a cloud SaaS solution.
- Experience in migrating security solutions from a legacy on-premises environment into a cloud solution within a highly regulated environment.
- Experience in performing / supporting security audits and compliance validation.
- Documented ability to interact with personnel at all levels and across all business units and organizations, and to comprehend business imperatives.
Minimum Entrance Requirements
- Bachelor's degree in computer science, system analysis or a related study, or equivalent experience.
- Minimum of five years of design and implementation experience in IT, with deep knowledge of a minimum of two of the following technical disciplines: infrastructure and network design, application development, application programming interfaces (APIs), middleware, servers and storage, database management, data security, and system administration and operations.
- Experience in generating security materials, including but not limited to compliance adherence, security operational procedures, security implementation plans, and network and security diagrams.
- Minimum of three years of security architecting design and implementation with security certifications, such as: SIA Security +