Director Security Architecture
San Antonio, TX 78216
Our client has been recognized as one of the Best Companies to Work for in Texas and has an exciting opportunity for the right individual to join an energetic and seasoned team, with an established and expanding national firm.
Headquartered in San Antonio, our client is a diversified financial services company providing a wide range of insurance, mortgage, and investment services to financial institutions, businesses, and individuals. With offices across the country, our client is committed to providing quality products, outstanding service, and customized solutions in all 50 states.
Serves as a key information technology leader and subject matter expert responsible for analyzing new and legacy information technology, public and private cloud environments, and data to develop and implement effective and efficient security and privacy controls to protect the company. Develops and maintains a public and private cloud security architecture using industry best practices and standards. Evaluates security risk and controls throughout the entire development and acquisition lifecycles. Performs pre-acquisition assessments and certification and accreditation reviews prior to releasing new systems to production. Defines, implements, assesses, and maintains controls necessary to protect networks, hardware, and systems (i.e. intrusion prevention/detection), network/Internet perimeter (firewalls, DMZ, network connections, third-party connectivity, remote access, VPNs), and cloud workloads in accordance with industry standards and internal security requirements. Defines, implements, assesses, and maintains controls necessary to protect software, applications, and structured and unstructured data (operating systems, applications, database management systems, web-based PCI applications, COTS) in public and private cloud environments. Evaluates and approves configuration changes to hardware, software, and applications for security implications. Defines, implements, assesses, and maintains controls necessary to protect information and vital data assets (including media). Oversees the development and implementation of technical access controls, cryptography, hardware, software, and network security procedures and guidelines that implement the company’s information security policies. Monitors industry security updates, technologies, and best practices to ensure the company's hybrid cloud environment continues to provide adequate security and meet compliance requirements. 
Leads information security projects and cross-functional teams to design, implement, and monitor security controls. Manages engineering and documentation workflow for security infrastructure. Supports enterprise incident command team as a security incident response leader and subject matter expert.
- Leads an Information Security Architecture Team to develop and maintain effective and efficient security solutions within a heterogeneous technology environment. Maintains an enterprise-wide security architecture and recommends specific controls to support financial services operations, application development, data center operations, and Cloud solutions spanning multiple national and international locations. Evaluates and recommends physical and virtual security solutions to bolster mobile, desktop, server, database, and network implementations.
- Proposes and reviews existing design solutions to limit access to assets and associated facilities to authorized users, processes, or devices, and to authorized activities and transactions. Determines requirements for identities and credentials for authorized devices, as well as users through single and multifactor Validates controls used to manage and protect physical access to assets. Ensures remote access is managed with appropriate security designs and controls. Incorporates principles of least privilege and separation of duties into access permissions and security designs. Assures network integrity by incorporating and maintaining network segmentation into security designs.
- Supervises the design and implementation of data security solutions to ensure company-owned and controlled data are managed consistent with the organization’s risk strategy. Oversees the use of encryption technology to protect data-at-rest and data-in-transit, as well as implements data loss prevention technology and procedures to prevent data leaks. Ensures the adequate protection and maintenance of encryption keys. Maintains system assurance and availability by ensuring adequate capacity is maintained in security designs. Recommends integrity checking mechanisms to verify software, firmware, and information integrity. Verifies security controls and standards exist to create and maintain a production environment that is separate from the development and testing environment. Develops procedures to formally manage assets at the end-of-life through removal, transfer, and disposition.
- Maintains and uses security policies, processes, and procedures to manage the protection of information systems and assets. Oversees the creation and maintenance of baseline configurations, change control standards, and the application of a continuous improvement process within a System Development Life Cycle (SDLC). Develops processes and procedures to maintain and test back-ups periodically and ensure data is destroyed according to policy. Evaluates and shares the effectiveness of engineering solutions and technologies with appropriate parties. Develops and tests new processes and procedures to support incident response and recovery plans. Ensures human resource practices account for cybersecurity requirements through the employment or contract lifecycle. Develops and implements a vulnerability management plan.
- Supervises the design and implementation of technical security solutions to ensure the security and resilience of systems and assets are consistent with related policies, procedures, and agreements. Requires and verifies audit and log records are determined, documented, implemented, and reviewed according to policy. Enforces restrictions and protections for removable media according to policy. Applies the principle of least functionality to control access to systems and assets. Protects communication networks using industry standards and best practices.
- Certifies maintenance and repairs of information system components are performed consistent with policies and procedures. Integrates approved and controlled tools into security designs to ensure maintenance and repair of assets is performed and logged in a timely manner. Prevents unauthorized remote maintenance with controls that require approval, logging, and secure connections.
- Performs all other duties as assigned.
- Bachelor’s Degree in Computer Engineering, Information Security, Cybersecurity, or related technical field required. Master’s Degree preferred.
- Minimum of eight (8) years of experience required in computer and security engineering. Experience as a Security Engineer within a Cisco and Microsoft environment preferred.
- Requires certification as a Certified Information Systems Security Professional (CISSP) or Cyber Security Essentials Certification (GSEC) from GIAC.
- Requires ITILv3 Foundation certification or able to obtain certification within 6 months and GIAC-GCCC Certification or able to obtain certification within 12 months.
- Strongly preferred certifications:
- Certified Information Systems Security Professional concentration as an Information Systems Security Architecture Professional (CISSP-ISSAP), Information Systems Security Engineering Professional (CISSP-ISSEP), Certified Cloud Security Professional (CCSP), Amazon Web Services (AWS), or Microsoft Azure Security.
- Demonstrated knowledge of firewall management, secure routing configurations, encryption, VLAN deployment, IPS/IDS integration, VPN, and Microsoft Windows security.
- Knowledge of ISO 27001:2013, ISO 27002:2013, and PCI-DSS.
- Proficient Microsoft Office skills, including Word and Excel.
- Excellent organizational skills.
- Excellent verbal and written communication skills.
- Ability to work with teams and external stakeholders is essential.
- Able to use basic office equipment, including copy machine, personal computer, and fax.
- Able to type 35 WPM.
- Able to travel locally or nationally by car or plane.
- Sit for long periods of time performing sedentary activities.
- Stand, stoop, and kneel to file for long periods of time.
- Push, pull, and lift up to 20 lbs. of files, supplies, documents, or other related items.
Substance-free workplace; pre-employment drug testing is required.
Client does not hire tobacco users as allowed by law.
Client offers an excellent employee benefits package that includes: 401(k) with company match, medical/dental, Life, Long Term Disability, Accidental Death and Dismemberment, and Long Term Care insurance policies. Opportunities for professional growth are also offered.