security architect - Orono, United States - RIT Solutions, Inc.

Description

SECURITY ARCHITECT
This job is 100% remote. ALL CANDIDATES MUST BE EST.


Top 3 Skills:

Security Architecture
Application Security
Communications, Oral and Written

Job Description:
The Solutions Security Architect serves as a vital member of the Security Architecture Team, Information
Security Office. This position will be part of a team that assists the Office of Information Technology and
supported Client agencies with meeting the requirements set forth by the Information
Security Office. This position provides a broad range of services in strategy and consulting, interactive,
technology and operations, with digital capabilities across all these services.
The Solutions Security Architect is responsible for leading the development of information security
architecture with focus on application security and ensuring technology initiatives are implemented within
the guidelines of industry frameworks including NIST800-53(r5) in order to maintain and improve our
environments security posture. They will be accountable for strategic planning, architecture, and securing
enterprise information by identifying network and application security requirements, implementing and
testing security controls and procedures.
The primary areas of focus for the Solutions Security Architect is to advise the Chief Information Security
Officer in developing risk management strategies and multi-year implementation and remediation
programs based on business priorities and risks to address cyber Security, cyber Defense and the needs of
the enterprise.
To meet these requirements the successful candidate must be knowledgeable about how security
architecture fits into the broader security program and understands the security concepts outlined by the
National Institute of Standards and Technology (NIST). The successful candidate will adapt and leverage
both MaineIT policy and system security technology stack to reduce new or existing risk and assist the
team as we work to bolster our security posture.


Key Responsibilities:

• Define information security strategies, including guiding principles and future state vision, ensuring

that the strategic objectives are aligned with business goals.

• Develop and implement security policies and standards in alignment with industry best practices,

state and federal regulations, and emerging security technologies.

• Collaborate with internal and external stakeholders, including IT teams, vendors, and State

agencies, to ensure that security measures are integrated into all technology solutions.

• Provide technical guidance and expertise to IT teams and other stakeholders on security-related

issues primarily in the application space.

• Work closely with customer stakeholders to identify and mitigate risks, perform security reviews,

design top tier security practices, and deliver strategic, innovative cloud-based security offerings.

• Stay up to date on the latest security threats, trends, and technologies, and recommend solutions to

mitigate risks.

• Engage in a variety of solutioning sessions which include key subject matter experts, these sessions

are designed to quickly produce secure and viable solutions to critical business use-cases.

Knowledge, Skills, and Abilities Required:

• Expertise in conducting product research to make informed information security assessments.
• Expertise in application security
• Expertise in the assessment of System Security Plans and Third-Party Audit documents such as

SOC2 reports to develop information security position reports.

• Expertise in identifying risk as it relates to MaineIT policy, the state of its environment and Defense

in Depth.

• Ability to coordinate with other subject matter experts to develop a concise position on IT products

and services from an information security perspective.

• Ability to develop reports pertaining to vendor provided IT products and services.
• Ability to document procedures and diagrams related to security architecture.
• Ability to conduct research, analyze, and communicate the security and regulatory impact of risk to

executive level management in a concise manner.

• Familiarity with Cloud and Network Security concepts and tools.
• Familiarity with information security system standards and certifications such as ISO-27000 family

and FedRAMP.

• Familiarity in risk assessment processes for information technology systems as outlined in NIST

Publications.

• Familiarity with information security controls outlined in NIST Special Publication
• Familiarity with security compliance to federal audit agency requirements for different data types

(e.g., Federal Tax Information, Criminal Justice Information, Social Security Information, Affordable
Care Act Information).

• A high level of attention to detail reviewing complex documents related to information security.

Minimum Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• Minimum of 5 years of experience in information security, with at least 3 years in a security

architecture or related role.

• In-depth knowledge of security principles and practices, including application security, risk

assessment and management, security architecture, compliance, and security testing.

• Experience with security technologies, including firewalls, intrusion detection and prevention

systems, vulnerability scanners, and endpoint security solutions.

• Knowledge of industry standards and regulations, such as NIST, CIS, HIPAA, and FISMA.
• Strong analytical and problem-solving skills, with the ability to think creatively and strategically to

develop effective security solutions.

• Excellent communication and interpersonal skills, with the ability to work collaboratively with

internal and external stakeholders.

• Professional security certifications, such as CISSP, CISM, or CISA, are highly desirable.

If you have a passion for security and are looking for an opportunity to make a difference in a dynamic and
fast-paced environment, please submit your application to join the State of Maine's team as a Security
Architect.