Information Security Architect

Must Have

• Ability to operate independently and perform quality work within the scheduled timeframe
• Excellent listening and communication skills in both written and verbal forms; previous experience in writing internal audit reports, preferred
• Experience executing technology audit and ITGC Testing
• Experience in auditing IT cloud operations, network, infrastructure, and security related to Amazon Web Services and Azure
• Experience in IT security and IT governance risk and compliance
• Must be proficient using Microsoft Office software
• Must possess an understanding of Information Security policies and standards, and have a working knowledge of Business Continuity Programs, electronic banking software and applications, Cloud computing, Cybersecurity Regulatory Framework, and Vendor Management practices
• Strong analytical, interpersonal and communication skills
• Strong understanding of cybersecurity processes and concepts (e.g. vulnerability management, security governance, software development, incident response, physical security, auditing and logging, micro segmentation, secure access service edges, zero trust architecture, PKI, penetration testing) as well as application controls
• Working knowledge and experience in python, JSON and SQL
• Working knowledge and experience with professional standards including CCM, NIST CSF, COSO and COBIT

Nice To Have

• Current certifications, such as CISA or CISSP

*** Technology Risk Management is seeking a highly motivated Information Technology (IT) Controls Tester to join our control testing program. This role is critical to helping the company identify and address compliance, financial, operational, strategic and technology risks in technology processes. The work requires proficiency in the areas of internal ITGC control testing/IT auditing. The role will focus on robust planning and execution of technology control testing.

Responsibilities will include :
• Independently validate the design and operational effectiveness of IT General Controls and Cloud controls
• Perform control procedure and documentation reviews including conducting interviews to clarify processes, data flows and architectures
• Prepare test scripts
• Perform root cause and impact analysis and provide management with recommendations to resolve issued findings.
• Advise business partners on IT findings, risks and control weaknesses.
• Validate findings post remediation
• Use knowledge of the current IT environment and industry IT trends to help identify and anticipate potential issues that may impact the banks risk landscape
• Design and assist in building continuous monitoring/ reporting to improve efficiency an awareness of control testing activities
• Provide technical assistance on audit techniques
• Maintain an understanding of the cybersecurity footprint, platform architecture, cloud infrastructure, data governance and privacy compliance, general computing control structure of the Company (systems and architecture) and be able to apply that knowledge to how it supports the processes and procedures being reviewed
• Develop and maintain strong and effective working relationships with key business partners
• Proactively engage and follow up to ensure deliverables are met, and identified gaps have been communicated

DO NOT EDIT BELOW THIS LINE, PLEASE INSERT JOB DESCRIPTION ABOVE Provide consultative, technical research and analytical support on Information Security industry trends, standards, best practices, concepts and solutions. The role requires the candidate to provide support and guidance based on experiences in the areas of security architecture design, operations management, business risk assessment, and policy development. The ideal candidate will be a known security expert who has worked in the security profession for at least five years, and has a proven track record for influencing industry trends. The candidate must bring solid experience to the IS team in the areas of network and application security architecture for Internet, Extranet, and Intranet E-commerce systems, J2EE web application security, single-sign on, PKI, identity management, non-password-based authentication technologies (smart card, biometrics) integration, and wireless LAN (802.11x) and mobile (WAP) security. RESPONSIBILITIES: Assist the Information Security department in providing for the safekeeping and integrity of company information assets by maintaining systems and controls that prevent unauthorized access, modification, disclosure, and/or deletion of information from computer networks and resources. Serve as a security technical analyst and advisor on projects to evaluate new technology resources for program compliance by effectively testing solutions using industry standard evaluation criteria, which includes the delivery of formal papers and technical reports on test results and findings. Provide security engineering research and analysis in a liaison capacity to the various Technology Groups and Architecture functions. Directly interface with business line technical experts and information security members to provide guidance on authorization, authentication and encryption solutions. Consult with business units regarding their changing business and technical plans to ensure that information security issues are addressed early in the project life cycle. Advise the district Information Security manager of changes in technical, legal and regulatory arenas affecting information security and computer crime.

Shift: ['Ability to operate independently and perform quality work within the scheduled timeframe', 'Excellent listening and communication skills in both written and verbal forms; previous experience in writing internal audit reports, preferred', 'Experience executing technology audit and ITGC Testing', 'Experience in auditing IT cloud operations, network, infrastructure, and security related to Amazon Web Services and Azure', 'Experience in IT security and IT governance risk and compliance', 'Must be proficient using Microsoft Office software', 'Must possess an understanding of Information Security policies and standards, and have a working knowledge of Business Continuity Programs, electronic banking software and applications, Cloud computing, Cybersecurity Regulatory Framework, and Vendor Management practices', 'Strong analytical, interpersonal and communication skills', 'Strong understanding of cybersecurity processes and concepts (e.g. vulnerability management, security governance, software development, incident response, physical security, auditing and logging, micro segmentation, secure access service edges, zero trust architecture, PKI, penetration testing) as well as application controls', 'Working knowledge and experience in python, JSON and SQL', 'Working knowledge and experience with professional standards including CCM, NIST CSF, COSO and COBIT']

EEO:
"Mindlance is an Equal Opportunity Employer and does not discriminate in employment on the basis of - Minority/Gender/Disability/Religion/LGBTQI/Age/Veterans."

---