Information Security Architect

SCT resources have a broad range of skills in different technologies. The large skill-set has been made possible by a conscious focus on strengthening our skills base. Every person selected for our team brings something new, something that adds to our offerings. We learn continuously, both on the job and through formal training programs.

Security Architect is responsible for providing strategic leadership in the design, development, implementation and maintenance of an enterprise security architecture and for ensuring compliance with   standards and guidelines to achieve critical objectives and support relationships within the Division  

Key responsibilities include:  overseeing strategic and tactical planning and the provision of risk management in the areas of physical environment and information resources, server and service design, server-based applications, implementation, operations and support; ensuring reliable and robust access controls, service availability, and activity/incident reporting; establishing and implementing security standards related to the use and operation of servers and network services; developing and maintaining information security policies; designing security policy education, training, and awareness activities; monitoring compliance with IT security policy and applicable law; coordinating investigations and reporting of security incidents; and monitoring, assessing, and fine-tuning the Advancement business continuity and disaster recovery program, performing security penetration tests, application vulnerability assessment scans and risk assessment reviews.

 QUALIFICATION

• Microsoft Certified IT Professional (MCTIP):
• Enterprise Administrator and Certified Information Security Manager accreditation is highly recommended.
• Certified Information Security Professional (CISSP) accreditation is strongly preferred.
• Other Security certifications: Certified Information Security Manager (CISM),
• Certified in Risk and Information Systems Control (CRISC),
• Certified Information Security Auditor (CISA) are a definite plus.

DUTIES:

• Oversee the security operations through management of the divisional security infrastructure.
• Provide corporate knowledge of secure environments by administering access rights to hardware, software, and systems within organization
• Oversee security auditing functions, develop and implement plans for disaster recovery and business continuity, and liaise with Central IT to ensure compliance with  corporate standards and guidelines.
• Liaise with Central IT to perform a Threat/Risk Assessment (TRA) and a Privacy Impact Assessment (PIA) on existing and future systems.
• Develop information security strategy/roadmap by understanding key client objectives; diagnosing and mapping client requirements; articulating solution risks and barriers; recommending project approaches; preparing time and cost estimates; planning full project life cycle
• Define, implement and operate information security governance model that provides structure for divisional resources and projects.
  • Lead and facilitate information/requirements gathering sessions to validate business cases, gather and document business and functional objectives, as well as the development and testing processes for new, changed and enhanced features and functions for assigned applications/systems.
  • Utilize extensive security knowledge and experience to provide clients with high quality consulting service.
  • Establish an enterprise security stance through policy, architecture and training processes.
  • Interface with peers within the central division as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.
  • Oversee security audits and implement security policies, business continuity and disaster recovery plans in order to minimize overall risk to the organization and mitigate potential security breaches that not only include physical security but also information security. 
    • Security Policy Development Documentation 
    • Security Architecture 
    • Security Education &Consulting Services
    • Security Risk Identification 
    • Security Systems Assessment/Evaluation