Washington University is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity or expression, national origin, genetic information, disability, or protected veteran status.
This position is full-time and works approximately 40 hours per week.
Department Name/Job Location:
This position is in the Department of Information Security. This position is for the Danforth Campus.
This position is within the Washington University in St. Louis Information Security Office and will have the ability to guide teams to deliver secure architectures and designs. They will liaise with university academic, research, and clinical technology groups to provide functional and technical expertise related to data protection, security and privacy. The security architect will also serve as the data protection champion, partnering with school, department, and IT application owners to raise awareness and educate them on data protection requirements and responsibilities. They will mentor other IT staff in determining accurate risk profiles and methods to mitigate identified risk.
PRIMARY DUTIES AND RESPONSIBILITIES:
Create, document, and communicate security requirements based on standards, best practices, threats, and/or regulatory requirements.
Review research contracts and grants to identify the appropriate security controls and plan.
Develop security plans for systems and projects.
Develop corrective action plans as necessary.
Work with ISO and NIST frameworks.
Review federal, state, and industry regulations to ensure appropriate requirements and controls are in place to maintain/obtain compliance (e.g., HIPAA, PCI, GDPR).
Ensure IT security architecture, plans, controls, policies and procedures are aligned with IT standards and mission.
Develop and document target-state and multi-year security architecture strategies.
Deliver guidance for the planning process and provide teams with a clear direction for implementation of their required security controls.
Coordinate with architects, engineers, project managers, and other IT staff on new projects/programs for WashU schools or departments.
Maintain matrix of security standards.
Develop process for the regular review of standards and controls with IT.
Develop and provide reports for senior management.
Provide status updates on projects.
Recommend systems and enhancements to improve security.
Mentor others to ensure technical skills are in place to meet technical leadership-related resource requirements in the future.
Plan, create, maintain, and ensure integration of information security for Enterprise architecture.
Work with team members to perform security controls and risk reviews.
Collaborate, negotiate, and influence direction and decision making in order to enable the delivery of quality solutions.
Serve as a key decision maker and escalation point for approving architectural decisions within the scope of risk mitigation.
Ensure the University has a clear understanding of industry direction and the risks associated with architecture and technology, and ensure integration of that direction as appropriate.
Focus on increasing depth and breadth of information security in the architecture knowledge and skills on a continual basis.
Perform other duties as assigned.
Graduation from a four-year college or university with a degree in information technology, engineering, telecommunications, computer science, or a field closely related to the nature of the position and five years of progressive experience in the field of information technology or equivalent combination of education and experience.
SANS GIAC, ISC2 SSCP or other security related certification preferred, but not required.
Review system designs for risks to the environment, suggest possible solutions to mitigate risk and drive projects to completion.
Candidate must possess the ability to plan and accomplish goals based on experience and judgement.
Planning and Organization:
Ability to document, track and communicate security risks to technical staff, management, and business owners.
Research technologies to determine potential vulnerabilities, assess threat levels, and identify better-suited alternatives.
Determine sensitivity of request and methods to create, store, and transmit based on classification.
Strong knowledge of Center for Internet Security (CIS) Benchmarks.
Strong knowledge of NIST 800-53 rev 4.
Strong knowledge of ISO 27001.
Extensive demonstrated background in the areas of networking, systems, and security.
Experience with process and/or procedure documentation.
Must have substantive and methodological expertise in multiple disciplines.
Must possess the ability to manage technical projects of varying scale that require latitude in decision and actions. Must demonstrate initiative in solving unexpected problems associated with projects.
Ability to understand and assess risk.
Technical Solution Development:
Differentiate between problems and symptoms and develop solutions to address overall problem.
Provide unbiased recommendations.
Adept at dealing with clients/operational managers - listening and providing answers.
Have strong problem-solving skills.
Have strong communication skills.
Build a good rapport with clients/operational managers and colleagues.
Be tactful and diplomatic.
Adept at gathering and assimilating information.
Have a good knowledge of technical applications and be willing to keep up to date.
Have a good knowledge of quality standards, legislation and best practice.
Be adaptable and able to prioritize.
Be able to work under pressure and meet deadlines.
Think ahead and anticipate problems, issues and solutions.
Must possess strong written and oral communication skills; ability to set strategic goals and perform in both business and technology settings.
Strong customer focus and ability to manage client expectations.
Develop processes, write guidelines and perform awareness training.
Adaptable and agile in the changing security and technology environment.
The hiring range for this position is $78,874 - $104,499 annually.
All external candidates receiving an offer for employment will be required to submit to pre-employment screening for this position. Current employees applying for a new position within the university may be subject to this requirement. The screenings will include a criminal background check and, as applicable for the position, other background checks, drug screen, employment and education or licensure/certification verification, physical examination, certain vaccinations and/or governmental registry checks. All offers are contingent upon successful completion of required screening.
Please attach a copy of your most current signed performance evaluation (completed within the last 18 months) to your online account. If you have not received a performance evaluation, you may provide two current signed letters of recommendation (written within the last 18 months), preferably to include one letter from either a current or recent former supervisor. To attach these documents, go to: My Career Tools, Add Attachment, Attachment Type – Performance Reviews or Letters of Recommendation.
Washington University in St. Louis, a medium-sized, independent university, is dedicated to challenging its faculty and students alike to seek new knowledge and greater understanding of an ever-changing, multicultural world. The University offers more than 90 programs and almost 1,500 courses leading to bachelor's, master's and doctoral degrees in a broad spectrum of traditional and interdisciplinary fields, with additional opportunities for minor concentrations and individualized programs. The faculty is composed of scholars, scientists, artists and members of the learned professions. They serve society by teaching; by adding to the store of human art, creativity, understanding, and wisdom; and by providing direct services, such as health care.