Senior Information Security Cloud Architect LOCATION: Montpelier VT or Addison, TX
What’s it like to work here?
At National Life, we do work that matters in a culture where people matter. Be part of a growing company, where you drive your career and have an impact every day. We believe that growth isn’t just about numbers, it's about keeping promises to our customers and each other. We see ourselves as “do gooders” who contribute to our company, our cause and our communities.
What will my role look like?
As a Sr. Information Security Cloud Architect, you will work closely with IT and business senior leaders to drive a security-minded culture, while defining standards and maintaining security controls at the Enterprise level. Within our growing organization, you will have the critical responsibility to identify, document and communicate complex security and technical issues, in a simplified, non-technical way to a broad audience; from developers to senior executives. You are a curious, self-starter joining an organization that is technologically and digitally transforming. You are willing to challenge the status-quo with the mindset of continuous improvement and a drive for seamless execution. Reporting to the Director of Information Security, you will be a security champion that influences and inspires people from a range of disciplines, as well as colleagues and internal clients at every level.
Define and Design
Work across the business to define technical and functional requirements covering areas of software design, including microservice APIs, Cloud Services (Azure, AWS, etc.), and XaaS integration
Work with software/infrastructure architects and leads to ensure security components (security technology, operations, and management) are integrated into the design as defined in the requirements
Azure Enterprise Mobility and Security Suite (EM+S) design and implementation
O365 Security and Compliance control and standards
Governance process to ensure continued compliance to stated security design requirements
Assist in designing containerization/microservices security architecture, standards and procedures
Design and develop cost effective security solutions that meet functional, technical, and performance requirements
Review security architecture deliverables throughout software/system development to ensure quality and requirement traceability
Security design with stakeholders to ensure the design satisfies the requirements.
Ensure adherence to all regulatory and security industry best practices (NYDFS, FINRA, OWASP, SANS, NIST)
Assess the software/systems security architecture, ensuring that it meets business and security requirements, as well as industry regulations
Security Architecture from hardware, network and software
Identify gaps and omissions in the end to end solution
Take ambiguous requirements and identify, suggest, and implement effective compensating controls in a complex, fast-moving, and regulated cutting-edge environment
Collaborate and Communicate
Identify and communicate any cross area or cross release issues that affect other project areas
Work with other software/infrastructure architects and leads to define a governance process to ensure continued compliance to stated security design requirements
Document and communicate the status of progress against plans, taking corrective action as necessary
Qualifications: Does this sound like you?
Education & Experience
Bachelors (BS) degrees in related technical field AND 6 years’ IT Security experience or 10 years’ experience including following:
Designing and building secure systems, networks, and infrastructures
Defining enterprise, infrastructure, or application security architecture and security standards
Defining cloud architectures and API web-services delivery, risks, and controls
Experience in two or more of the following security frameworks and standards; NIST CSF, NIST 800-53, ISO/IEC 27001, ITIL, COBIT, SABSA, TOGAF
4+ years demonstrated experience leading design and implementation of technologies in a Microsoft Azure public cloud environment
Experience with Cloud Security Alliance Framework
Experience designing and implementing Container Security, API Security, and Azure Cloud Security
Demonstrated experience in security integration using oAuth, OpenID Connect, SAML, and LDAP
Certified Information Systems Security Professional (CISSP) required or able to attain within 6 months of hire
Strong knowledge of Containerization technologies such as; Kubernetes, Openshift, Docker
Knowledge of security industry best-practices, including nonrepudiation, auditing, and monitoring
Familiarity with agile development
Azure Solutions Architect
Offensive Security Certified Professional (OSCP)
Certificate of Cloud Security Knowledge (CCSK)
Information Systems Security Architecture Professional (ISSAP)
How You Show Up
You’re a coach who knows how to guide others. You’re a good listener and an effective communicator who can execute, lead by example and add business value.
You want to part of a culture and a team where you have a voice, and you respect the voices of others.