Free Local Classifieds in Hartford, CT
Search   in
My Location  
> > >

Information Security Architect - New Britain

Information Security Architect - New Britain

Ad id: 1710174006404327
Views: 5
Contact Us

If you're looking for a meaningful career, you'll find it here at Webster. Founded in 1935 by Harold Webster Smith, our focus has always been to put people first--doing whatever we can to help individuals, families and businesses achieve their financial goals. And while we've grown into a leading commercial bank, we remain passionate about serving our customers, supporting our communities, and making a difference in people's lives. We can make a difference in your life, too. By empowering you to build the meaningful career you've been looking for. Responsibility, respect, trust, teamwork and citizenship are the values on which Webster was founded. Together we call them The Webster Way, and they are what set us apart as a bank and an employer. Guided by these values, we put people first - working hard to live up to our customers, and each other, every day. INFORMATION SECURITY ARCHITECT If you're looking to take the next step in your cyber security career and be part of a dynamic, growing information security program, Webster Bank is the place for you. Information security is a high priority for Webster and we are looking for ambitious, growth-minded professionals to join our team. If you love information security, then we want to talk to you. Position Summary The information security architect will take a lead role in defining and assessing Webster's security policy, strategy, architecture, and practices to support Webster's business objectives and risk management strategies. He or she will work with other architects to ensure that information security is fully integrated into Webster's enterprise technology architecture, and will help IT project teams to plan and architect their solutions consistent with the enterprise security architecture. The information security architect will advocate for security requirements and objectives while ensuring that security architectures and practices do not impede the needs of the business. This position is located at Webster's facility in New Britain, Connecticut. Primary Responsibilities * Develop and maintain a security architecture that enables Webster to develop and implement security solutions and capabilities that support business goals and mitigate information security risk. * Develop and maintain security architecture artifacts (eg, models, templates, standards and procedures) for reference and use by IT project teams. * Track developments and changes in the business and information security environments and update the enterprise security architecture accordingly. * As a member of the Architecture Review Board, validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks. * Work with Security Operations staff to develop security strategy, plans, and roadmaps to implement the security architecture. Help Security Operations to review and select security technologies, tools and services to implement the roadmaps. Provide high-level requirements and direction for information security projects. * Provide input to security policies and standards. * Work closely with the Project Management Office to ensure that Corporate Information Security is fully aware of the IT project pipeline and that new projects receive all necessary information security risk assessment, requirements, planning advice, and engineering assistance. * Advise application and infrastructure project teams on information security planning, policy, and architecture and provide high-level security requirements to projects. As a member of the Architecture Review Board (ARB), verify that planned projects conform to IT and security architectures and policies. Hand off to Security Engineering staff to provide detailed security technical requirements help IT projects design and implement security solutions in accordance with ARB guidance. * As a member of the Change Management Board, verify that proposed system and infrastructure changes conform to information security policy and standards. Hand off to Security Engineering staff to help IT teams remediate deficiencies, if necessary. * Work with IT teams and the ARB to document storage and transmission of sensitive information and provide architecture and requirements to ensure that this data is secured in accordance with Webster policy, laws, and regulations. * Work with the Resiliency team to ensure that disaster recovery and business continuity plans include security considerations. * Help the risk assessment team to evaluate the design and effectiveness of security controls. * Provide oversight and assess the effectiveness of Webster's secure software development program. Job Requirements The successful candidate will demonstrate strong critical thinking and problem solving skills and will be able to act ethically and confidentially, work as part of a team, communicate clearly and concisely both verbally and in writing, adapt to rapidly changing priorities, and work on multiple projects simultaneously. * Teamwork and Communication: The security architect must be a consummate team player who readily shares information, facilitates dialogue, and brokers compromises among security, IT, and business stakeholders. He or she must be able to translate security-related matters into business terms that are readily understood by colleagues and must effectively present findings verbally and in writing. * Business and Organizational Acumen: The security architect is keenly aware of the dynamics of Webster's business and how IT and information security can support the business. He or she will develop approaches and solutions that serve organizational strategies and goals * Conceptual Thinking: The security architect's role is primarily strategic and conceptual, not operational. He or she must recognize abstract patterns and relationships among apparently unrelated entities and situations. He or she will apply appropriate concepts and theories in the development of principles, practices, techniques, tools and solutions. * Openness to Learning: The security architect takes personal responsibility for personal growth and changes his or her own ideas. He or she learns from others, inside and outside the organization, tries new approaches, and broadens the scope of work to learn from work assignments. Education Bachelor's or master's degree in computer science, information systems, cybersecurity, or a related field. Security and Technical Experience The enterprise security architect should have at least seven years of experience in information security, at least 10 years of experience in enterprise information technology, and direct, documented, and verifiable experience with: * Using architecture methodologies such as SABSA, Zachman and/or TOGAF * Managing security infrastructure -- eg, firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM and log management technology, and vulnerability management tools * Implementing security controls as part of an IT project life cycle * Full-stack knowledge of IT infrastructure: * Applications * Databases * Operating systems -- Windows, Unix and Linux * Hypervisors * IP networks -- WAN and LAN * Storage networks -- Fibre Channel, iSCSI and NAS * Backup networks and media * Public cloud services * Identity & Access Management * Experience reviewing application code for security vulnerabilities is preferred but not required. Industry and Regulatory Experience Financial sector experience is preferred, as is documented experience with: * Payment Card Industry Data Security Standard (PCI-DSS) * HIPAA-HITECH * Gramm-Leach-Bliley Act (GLBA) * Federal Financial Institutions Examination Council (FFIEC) handbooks * Sarbanes-Oxley Certifications The enterprise security architect will evidence his/her knowledge of security and risk management through ongoing continuing professional education. The ideal candidate will maintain one or more of the following certifications. * ISC2's CISSP ( * ISACA's CISM (-Certified-Information-Security- Manager/Pages/default.aspx) * ISACA's CISA (-Certified-Information-Systems-Auditor/Pages/default.aspx) * The Open Group's TOGAF ( * SANS' GAIC () *LI-JC1 Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled


Similar Items
Last Updated on: January 20, 2018
Report Ad
Contact Poster by Email

Email Poster

Refresh Image