Information Security Architect - Remote / Telecommute

• Maintain, and develop and implement a strategic, long-term information security strategy and roadmap to ensure that client information assets are adequately protected.'
• Work with senior leaders across the Cabinet to assess and communicate acceptable levels of risk.
• Identify, evaluate, and report on information security risks, practices, and projects to the Executive leadership, and provide subject matter expertise on security standards and best practices.
• Develop, mentor, and manage a high-performing staff of information security professionals.
• Maintain the Cabinet's understanding of security beyond a 'compliance-only' view.
• Lead the development of up-to-date information security policies, procedures, standards, and guidelines, and oversee their approval, dissemination, and maintenance.
• Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements.
• Act as the champion for the enterprise information security program and foster a security-aware culture.
• Oversee the evaluation, selection, and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.'
• Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and guidelines.
• Coordinate and manage regular reporting and collaboration with the Commonwealth Office of Technology (COT) and COT CISO/Security Office in areas such as intrusion detection and vulnerability reporting, internal and external IT audit groups reviews, and the coordination of all required fixes.
• Develop business metrics to measure the effectiveness of the security management program and increase the maturity of the program over time.
• Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action.
• Liaise with law enforcement and other advisory bodies as necessary to ensure that the organization maintains a strong security posture.
• Oversee incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal matters.
• Oversee and lead the creation, communication, and implementation of a process for managing vendor risk and other third-party risk.
• Lead strategy and maintain Federal reporting, i.e., POAM items to CMS.

• Bachelor's Degree in computer science, engineering, or a related field; (graduate degree preferred).
• Minimum 10 years of IT and business leadership experience, and 5+ years of information security/cybersecurity experience.
• A proven record of accomplishment in developing information security policies and procedures, and successful execution.
• Extensive knowledge of business risk, risk assessment, and risk-based decision-making.
• Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms), including Secretary/Governor level.
• A natural influencer and coalition builder; passionate about building high-performing teams.
• Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals, an innovative leader, problem solver, and consultant.
• Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
• Excellent written and verbal communication, interpersonal and collaborative skills.
• Experienced with contract and vendor negotiations.
• Ability to effectively prioritize and execute tasks in high-pressure situations.
• Knowledge of security, risk, and control frameworks and standards such as NIST CSF, ISO 27001 and 27002, SANS-CAG, FISMA, COBIT, COSO, and ITIL.
• Understanding of cloud, SaaS, and IoT architectures, and their implications on information security strategy.
• Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application development languages, tools and frameworks, database technologies, web technologies, next-gen mobile, network architecture, enterprise architecture, and directory services.
• Security technology acumen and experience including but not limited to firewall, intrusion detection, cyber-attack tools and defenses, encryption, certificate authority, web filtering, anti-malware, anti-phishing, identity and access management, and multi-factor authentication.
• Professional certifications, such as a CISSP, CISM, C|CISO, and CISA.

Last updated on Aug 9, 2023