IT Security Architect
Develops and implements enterprise information security architectures and solutions. Serves as a security expert in application development, database design, network, internet, and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprises, business partners, vendors and casino guests.
Contributes to the development and maintenance of information security strategy and architecture. Evaluates and develops secure solutions based on approved security architectures. Analyzes business impact and exposure based on emerging security threats, vulnerabilities, and risks. Works with IT Network Manager, other functional area architects, and IT Access Security Specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and requirements.
- 7 Years of IT experience, with five years in an information security architecture role and at least two in a supervisory capacity.
- Bachelors Degree (B.A.) or equivalent combination of education and experience in Information Security, Computer Science, Management Information Systems or related curriculum.
- Must possess current CISSP or CISM certification.
- Be a recognized leader with a strong understanding of tools, technologies, security strategies and their implications on the broader business environment.
- Have in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls.
- Have knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
- Have an excellent understanding of information security concepts, protocols, industry best practices and strategies.
- Have experience working with legal, audit and compliance staff.
- Have experience developing policies, procedures, standards and guidelines.
- Have experience with common information security management frameworks, such as International Standards Organization (ISO) 17799/27001, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (CobiT) frameworks.
- Be proficient in performing risk, business impact, control and vulnerability assessments, and defining mitigation strategies.
- Have excellent technical knowledge of mainstream operating systems (for example, Microsoft Windows and Unix/Linux) and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware (malicious software) solutions, automated policy compliance and desktop security tools.
- Professional, team oriented and customer focused
Experience in the following information security technologies and methods:
- Host and network discovery
- Vulnerability scanning
- Intrusion detection and prevention
- Log consolidation
- Security event log analysis
- Security incident response and forensic investigations
- Identity Management
- Protection Processes
- File Integrity Management
- Policy, Process and Procedures as they relate to the Security discipline
Experience with the following concepts and regulations:
- Business continuity and disaster recovery
- Information security related problem and incident management
- HIPAA, Payment Card Industry Data Security Standard (PCI)
- Experience working with 3rd party Security providers and vendors
- Work with IT Management to develop security program and security projects that address identified risks and business security requirements.
- Design and implement governance activities associated with ensuring compliance.
- Work with the selected line-of-business resource owners to determine appropriate security policies for identified resources.
- Develop associated standards and provide direction to IT staff in developing procedures and guidelines.
- Define high-level migration plans to address the gaps between the current and future state, typically in sync with the IT budgeting or other capital planning processes.
- Lead the analysis of the current security technology environment to detect critical deficiencies and recommend solutions for improvement. In addition, lead the analysis of security technology industry and market trends to determine their potential impact on the enterprise. Define metrics to measure and demonstrate value.
- Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications and software.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Coordinate measure and report on the technical aspects of security management.
- Assess and report on threats, vulnerabilities and residual risk; and recommend remedial action.
- Work with Information Technology Leadership and business owners to establish challenging IT goals, plans and objectives that support the company’s vision.
- Ensure compliance with Gaming Commission regulations and all other applicable regulations.
- Provide leadership and direction for the integration of security strategy and architecture with business and IT strategy. Provide technical and managerial expertise for the administration of security management tools. Provide security communication, awareness and training for audiences, which may range from senior executives to field staff.
- Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations. Develop technical information materials and workshops on security trends, threats, best practices and control mechanisms for IT, as appropriate. Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department. Assist and guide the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans. Provide technical guidance to Information Security Steering Committee.