The Senior Information Security Architect is responsible for developing and maintaining robust security architectures and strategies for safeguarding the organization's cloud-based infrastructure, applications, and data. This role requires a deep understanding of cloud security technologies, compliance standards, and best practices to ensure the confidentiality, integrity, and availability of sensitive information. The Information Security Architect will collaborate with cross-functional teams to design, implement, and manage security solutions in cloud environments.

Essential Functions 
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.  

Security Infrastructure Architecture:

• Develop and implement a comprehensive security architecture for-on-premisis and cloud technologies  that are  aligned with the CISO’s overall strategy for the information security organization.’.
• Stay current with emerging on-premisis and cloud security threats, vulnerabilities, and trends to proactively address potential risks.
• Actively participate within  ACA technology  Committees where  solutions are evaluated for the enterprise 

• Design and document secure on-premisis and cloud security architectures, taking into account multi-cloud and hybrid cloud environments.
• Create and maintain security reference architectures, patterns, and guidelines..
• Understand and participate in the configuration of solutions  and strategies that satisfy NIST Cybersecurity Framework control objectives in collaboration with the department’s GRC team.

Identity and Access Management (IAM):

• Implement robust IAM solutions to manage user access, roles, and permissions effectively.
• Enforce strong authentication and authorization mechanisms 
• Assist the IAM team with privileged access management (PAM) solutions and deployment architectures.

Data Protection:

• Develop strategies for data encryption, PKI, tokenization, and masking in the cloud and on-premisis.
• Architectdata leakage prevention (DLP) measures and systems  to protect sensitive information. 
• Provide architecture advisory and solutions that satisfy NIST data protection controls.

Network Security:

• Provide architectural design and implementation guidance to information security teams to secure network configurations in the cloud and on-premisis, including firewall rules, virtual private networks, and network segmentation.
• Implement network monitoring and intrusion detection systems.

Compliance and Governance:

• Ensure cloud and on-premesis environments comply with industry standards and regulations (e.g., HIPAA, PCI DSS, NYDFS, NIST).
• Collaborate with GRC teams to ensure proper monitoring and reporting mechanisms.
• Maintain an active role within the enterprise GRC teams within Information Security, Compliance, and Internal Audit.

Security Operations:

• Collaborate with the security operations center (SOC) to define incident response procedures and threat hunting strategies specific to cloud and on-premises environments.
• Assist with continuous improvement of ACA SOC operations where security logs and events are monitored and analyzed to detect and respond to security incidents promptly.
• Assist the SOC teams to ensure appropriate level of alerting is configured across all  environments

Security Testing and Assessment:

• Support regular security assessments, vulnerability scanning, and penetration testing of assets.
• Advise upon identified vulnerabilities and assist with translating risk ratings to ACA risk rating.

Security Awareness and Training:

• Assist with training programs for employees and other stakeholders.
• Promote a culture of security awareness and compliance within the organization.

Vendor and Third-Party Risk Management:

• Assess security risks associated with cloud service providers and third-party integrations.
• Review and recommend security terms within cloud solution contracts (includes SaaS, IaaP solutions)

Strategy Planning:

• Evaluate documented architectures and analyze trends for ways to prevent future problems
• Research and recommend innovative, and where possible, automated approaches for information security team  tasks.
• Identify approaches to solutions that leverage our resources and provide economies of scale
• Keep current with the latest security technologies and coach staff regarding leading and best practice strategies and solutions 

Personal Attributes:

• Ability to conduct research into a wide range of computing issues as required 
• Ability to absorb and retain information quickly 
• Ability to present ideas in user-friendly language 
• Highly self-motivated and directed 
• Keen attention to detail 
• Ability to effectively prioritize and execute tasks in a high-pressure environment  
• Exceptional customer service orientation 
• Experience working in a team-oriented, collaborative environment 
• Have a strong desire to learn continually and grow professionally 

Qualifications 

• College diploma or university degree in the field of computer science or management information systems is preferred
• A minimum of 10 years IT experience; at least three of those years focused on IT security, infrastructure, cloud or application-level vulnerability testing and remediation
• Strong understanding of enterprise, network, system, distributed application and application-level security issues. 
• Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols) 
• Understanding of the system hardening processes, tools, guidelines and benchmarks (including Mitre Att&ck framework). 
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security 
• Basic knowledge of Linux, Windows, systems 
• Coding and/or scripting experience required
• Working knowledge of a range of diagnostic utilities 
• Exceptional written and oral communication skills 
• Exceptional interpersonal skills, with a focus on rapport-building, listening, and questioning skills 
• Strong documentation skills 
• CISSP Certification preferred 
• Cloud Architect Certification preferred
• Cloud Security Certificate  preferred
• AWS, Azure, or Google Cloud Platform experience is a requirement for the senior position within the organization 
• Implementation experience with privileged access management (PAM) solutions.

Supervisory Responsibility

This position may have supervisory responsibilities.

Work Environment and Physical Demands

This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines.

Position Type/Expected Hours of Work

This is a full-time position with a work schedule of Monday-Friday with some schedule variations of weekday, weekend, and sometimes monthly on-call duties as needed.

Travel

This position will require up to 5% local travel.

EEO Statement

ACA provides equal employment opportunities (EEO) to all applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws.  ACA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

#LI-KL1