The Information Technology Security Office (ISO) is currently seeking an Information Security Architect. The security architect develops, implements, and monitors the University’s information security technology environment to protect the confidentiality, availability, and integrity of all institutional data and systems. The incumbent serves as the University’s most senior security solutions strategist, technologist, and technical subject matter expert. This individual identifies cost-effective security solutions, tools, appliances, and services to best protect UM’s information systems and data assets. Additionally, the security architect maintains current knowledge of emerging information security threats and the countermeasures to mitigate risks.
Primary Duties and Responsibilities:
(Performs duties and responsibilities under minimal supervision)
Determines security requirements by evaluating business strategies and requirements and researching information security standards Analyzes technology and industry trends and the organization’s current technology deployments to recommend solutions that address complex and unique business requirements Designs security solutions and processes by evaluating network and security technologies Develops requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices Designs public key infrastructures, including the use of certification authorities and digital signatures, as well as hardware and software Develops security solutions and processes to support different compliance environments such as PCI, FISMA, GLBA, FDA Part 11, and HIPAA Performs and oversees risk assessment and analysis, conducts system and application vulnerability evaluations to provide corrective actions, coordinates security penetration testing, and oversees on-site partner assessments Verifies security systems by developing and implementing test scripts Maintains security by monitoring and ensuring compliance with standards, policies, and procedures Upgrades security systems by monitoring security environment, identifying security gaps and evaluating and implementing enhancements Prepares system security reports by collecting, analyzing, and summarizing data and trends Collaborates with compliance and quality control areas Updates job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations Adheres to University and unit-level policies and procedures and safeguards University assets Excellent verbal and written communication skills Strong organizational skills
Bachelor’s Degree in relevant field required Minimum of 5 years of relevant experience required Certification in relevant specialty or field (CISSP, CISM, or GIAC) required
Master’s degree in relevant field Experience with risk management processes, including steps and methods for assessing risks Experience in security architecture, demonstrating designing and implementing information security solutions, principles, and emerging technologies Experience in security for cloud computing environment, including CASB, data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, data loss, and DoS attacks