Sr Security Architect

PROPOSED JOB TITLE: Solutions Security Architect (Architect Senior SAR 1)

Top 3 Skills:
Security Architecture
Application Security
Communications Oral and Written

Job Description:

The Solutions Security Architect serves as a vital member of the Security Architecture Team Information Security Office. This position will be part of a team that assists the Office of Information Technology and supported State of Maine (SOM) agencies with meeting the requirements set forth by the Information Security Office. This position provides a broad range of services in strategy and consulting interactive
technology and operations with digital capabilities across all these services. The Solutions Security Architect is responsible for leading the development of information security architecture with focus on application security and ensuring technology initiatives are implemented within the guidelines of industry frameworks including NIST80053(r5) in order to maintain and improve our environments security posture. They will be accountable for strategic planning architecture and securing enterprise information by identifying network and application security requirements implementing and testing security controls and procedures.
The primary areas of focus for the Solutions Security Architect is to advise the Chief Information Security Officer in developing risk management strategies and multiyear implementation and remediation programs based on business priorities and risks to address cyber Security cyber Defense and the needs of the enterprise.
To meet these requirements the successful candidate must be knowledgeable about how security architecture fits into the broader security program and understands the security concepts outlined by the National Institute of Standards and Technology (NIST). The successful candidate will adapt and leverage both MaineIT policy and system security technology stack to reduce new or existing risk and assist the team as we work to bolster our security posture.

Key Responsibilities:

Define information security strategies including guiding principles and future state vision ensuring that the strategic objectives are aligned with business goals.
Develop and implement security policies and standards in alignment with industry best practices state and federal regulations and emerging security technologies.
Collaborate with internal and external stakeholders including IT teams vendors and State agencies to ensure that security measures are integrated into all technology solutions.
Provide technical guidance and expertise to IT teams and other stakeholders on securityrelated issues primarily in the application space.
Work closely with customer stakeholders to identify and mitigate risks perform security reviews design top tier security practices and deliver strategic innovative cloudbased security offerings.
Stay up to date on the latest security threats trends and technologies and recommend solutions to mitigate risks.
Engage in a variety of solutioning sessions which include key subject matter experts these sessions are designed to quickly produce secure and viable solutions to critical business usecases. Knowledge Skills and Abilities Required:
Expertise in conducting product research to make informed information security assessments.
Expertise in application security
Expertise in the assessment of System Security Plans and ThirdParty Audit documents such as SOC2 reports to develop information security position reports.
Expertise in identifying risk as it relates to MaineIT policy the state of its environment and Defense in Depth.
Ability to coordinate with other subject matter experts to develop a concise position on IT products and services from an information security perspective.
Ability to develop reports pertaining to vendor provided IT products and services.
Ability to document procedures and diagrams related to security architecture.
Ability to conduct research analyze and communicate the security and regulatory impact of risk to executive level management in a concise manner.
Familiarity with Cloud and Network Security concepts and tools.
Familiarity with information security system standards and certifications such as ISO27000 family and FedRAMP.
Familiarity in risk assessment processes for information technology systems as outlined in NIST Publications.
Familiarity with information security controls outlined in NIST Special Publication 80053.
Familiarity with security compliance to federal audit agency requirements for different data types (e.g. Federal Tax Information Criminal Justice Information Social Security Information Affordable Care Act Information).
A high level of attention to detail reviewing complex documents related to information security.
Minimum Qualifications:
Bachelors or Masters degree in Computer Science Information Security or a related field.
Minimum of 5 years of experience in information security with at least 3 years in a security architecture or related role.
Indepth knowledge of security principles and practices including application security risk assessment and management security architecture compliance and security testing.
Experience with security technologies including firewalls intrusion detection and prevention systems vulnerability scanners and endpoint security solutions.
Knowledge of industry standards and regulations such as NIST CIS HIPAA and FISMA.
Strong analytical and problemsolving skills with the ability to think creatively and strategically to develop effective security solutions.
Excellent communication and interpersonal skills with the ability to work collaboratively with internal and external stakeholders.
Professional security certifications such as CISSP CISM or CISA are highly desirable. If you have a passion for security and are looking for an opportunity to make a difference in a dynamic and fastpaced environment please submit your application to join the State of Maines team as a Security Architect.