Security Architect I

IMP: Client is looking for someone who has security architecture experience with security design and requirements, Security Architect , Design ,Internal Controls, Cloud Security , Audit , GRC , Risk  and internal controls and willing to work in US Shifts Security Architect I    What you will be doing This is a good fit for you if you are a junior to mid-level Information Security, Cyber Security Professional or related experience with security exposure. The Information Architect role is responsible for improving application and systems security and will support efforts to minimize the possibility that coding, design, or configuration security vulnerabilities could work their way into production environments, presenting a potential point-of-compromise. The Security Architect will review project documentation, research, and reference security policy, render recommendations and guidance, approve, or reject project artifacts from a security perspective, and perform other tasks in the pursuit of securing systems, processes, and software applications. Responsibilities will include:Providing input and recommendations to the development teams related to architecture, design, coding practices and SDLC elements that could potentially impact the application or solution from a security perspective.Validating controls for Encryption, Access Control, Web Application Vulnerability Detection, OWASP top 10 and other common web application security parameters.Reviewing application architecture and design from an application security and information security perspective ensuring alignment with organization security standards and industry best practices.Serving as a subject matter expert (SME) for performing vendor risk assessments (including Cloud Services) to improve overall vendor risk program.Providing technical expertise on secure software development and support of all associated activities, processes, and tools for protecting technology-based informationEnsuring that development is done in accordance with industry standards for secure developmentFacilitating Periodic static code analysis utilizing existing standard service offering.Facilitating dynamic and/or manual security testing utilizing existing standard service offeringReviewing, developing, testing, and implementing security plans, products, and control techniquesReviewing circumstances surrounding security gaps in and designs corrective actionsMaintaining awareness of security and technology trends and shares that knowledge with othersEvangelizing security policies, standards, and nonfunctional requirements where/when neededDaily and Weekly Status Reporting - for Work in Process and Planned and issuesDocumenting processes, procedures, assessment outputs, working papers documentation to support existing SDLC and governance requirementsRepresenting security and IT risks among other company risk departments and committees.Evaluating the effectiveness of awareness and training programs and makes recommendations for improvement.  What your background should look likeBachelor's Degree in Computer Science, Information Systems or other related field, or equivalent work experience5-10 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over five years of experience designing and deploying security for Business products and services and Enterprise solutions at the enterprise level.Preferred Certification in one or more Information Security relevant areas such as Audit (CISA), Security Management (CISM), Security Professional (CISSP), Cloud Security (CCSP, CCSK, AZ500Requires in-depth knowledge of security issues, techniques, and implications across all existing computer platforms.Experience with evaluating and implementing security controls as related to Cloud based services including SaaS, PaaS, IaaS.Strong computer skills to operate effectively with company systems and programs; working knowledge of applicable computer applications used at ABCWorking knowledge of network solutions and systemsGood analytical and problem-solving skillsAbility to communicate effectively both orally and in writingGood interpersonal skillsAbility to prioritize workload and consistently meet deadlinesStrong organizational skills; attention to detailAbility to lead and provide direction to project/product teamsStrong consultative skills: ability to interface effectively with technical and non-technical leaders.Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.Demonstrated sound understanding of at least 3 of the following control frameworks such as ISO 27001/27002, HITRUST, PCI, NIST, GDPR and PCIBusiness experience in a matrix OrganizationStrong written and verbal English language skillsMust be able to work with business stakeholders during their normal working hours (typically 9:00 AM – 5:00 PM ET US)