The College Board, the national educational organization, is conducting a search for a Senior Information Security Architect within our Technology department, based in our Reston, Virginia office or via a remote work arrangement within the USA.
About the Role
College Board is rapidly transforming itself into an agile organization, embracing DevOps and cloud-native systems, and focused on improving speed and security of service delivery in support of an important mission. To enable this mission, College Board is seeking a Senior Information Security Architect to join our Enterprise Security Services team to develop and implement a robust enterprise security architecture program, and drive innovative and transformative security solutions across the College Board’s cloud and on-prem environments. The Senior Information Security Architect is a technical and innovative leader responsible for strategy, planning, and overall maturity of the security program at the College Board. He or she will serve as the subject matter expert for other Technology teams within the organization for all matters related to enterprise security. The Senior Information Security Architect applies critical thinking to address the risks to the College Board’s mission of enabling students’ access to college and providing more opportunities to succeed.
Responsibilities of the role
- Enhances current state security architectures and develops target state security architectures to support projected business objectives, reflect the threat landscape, and complement DevOps operating models.
- Designs and develops security architectures for cloud and cloud/hybrid based systems. Possesses a firm understanding of the offerings within Amazon Web Services (AWS) and the Microsoft Azure platforms.
- Leads initiatives designed to share knowledge across Technology teams. Identifies, recommends, coordinates, and delivers timely knowledge to support teams regarding technologies, processes, or tools. Develops and executes strategies to increase Cloud Security knowledge throughout the enterprise.
- Leverages security management frameworks to shape program priorities and align security functions and processes to illustrate and improve the way in which the security program enables the business.
- Partners with other security staff, delivery teams, and business units to create and maintain a comprehensive enterprise security architecture.
- Collaborates across Technology teams to implement a Zero Trust Security Model, including SASE, ZTA, ZTNA, and IAM. Supports the design of systems to support the development and enforcement of a diverse set of security controls, while maintaining alignment to functional and business requirements.
- Orchestrates the integration of security systems with security operational processes, building on and improving those processes across the organization.
- Supports the development, assessment, implementation, and continual enhancement of comprehensive security roadmap(s) and enables senior leaders to visualize security capability gaps and prioritize security investments.
- Assists in the development of new security frameworks, principles, policies, and standards as needed by observed or anticipated business, regulatory, or environmental change.
- Develops and maintains an enterprise security services catalog and related artifacts.
- Participates in enterprise architecture (EA) working groups and provides strategic and tactical guidance and direction related to security.
- Updates and maintains knowledge and awareness by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; and participating in professional organizations.
- Mentors team members in information security methodologies, frameworks, processes, and procedures.
Qualifications needed for the role
- 7+ years’ experience in the field of information technology with extensive exposure to numerous aspects of systems management, development, and operations as well as business planning.
- A minimum of 7 years’ experience in information security with knowledge and exposure to security architecture, security assessment, security program management, or security engineering.
- Experience managing cloud-based security solutions; AWS experience preferred.
- Knowledge of risk and security assessment procedures, security policy implementation, authentication and authorization strategies and technologies, and the attack lifecycle.
- Experience working with cloud security and governance tools, cloud access security brokers (CASBs), and server virtualization technologies.
- Experience with enterprise applications (architecture, development, support, and troubleshooting).
- Experience performing threat modeling and design reviews to assess security implications and requirements for the introduction of new technologies.
- Experience representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.
- Demonstrable ability to diligently execute tasks in a dynamic and cross-functional environment.
- Demonstrated competency in strategic thinking with abilities in relationship management.
- Industry recognized certification (e.g., CISSP, CCSP, SABSA, etc.) preferred.
- Bachelor’s degree preferred or equivalent work experience.
Preferred skills & attributes for the role
- Knowledge and experience working with any of the following is preferred:
  - Security management and governance frameworks (SABSA, NIST Cybersecurity Framework, NIST RMF, ISO 27k, etc.)
  - Software and infrastructure (serverless architecture, application servers, databases, middleware, AWS API, etc.)
  - Security systems (SIEM, vulnerability scanners, IPS, DAST, etc.)
- Excellent oral and written communication skills with the ability to confidently present and discuss technical information as well as long-term vision.
- Confidence and leadership as a member of project teams in working with business users in a cross-functional environment.
- Excellent problem solving and analytical ability.