City of Indianapolis and Marion County, IN

Receive alerts when this company posts new jobs.

Similar Jobs

Job Details

Enterprise Security Architect

at City of Indianapolis and Marion County, IN

Posted: 5/22/2019
Job Status: Full Time
Job Reference #: 2234021

Job Description

Overall Job Objective

Position Summary

Position is responsible for working with the agencies and departments supported by the Information Services Agency (ISA) to collaborate on strategy, help design secure enterprise-level and department-level security solutions, and build standards for how those solutions should be implemented and maintained in the future in line with ISA's IT Governance Plan. Additionally, this position has a keen eye toward the future, understanding where the organization should be headed regarding information security and helping to build the framework in collaboration with the Enterprise Architecture team to get there. This team member consistently works with the rest of the Architecture and Infrastructure teams, ISA leadership, Legal Counsel, 3rd Party vendors and ISA-supported business units on projects that will establish a mature Information Security program that has the flexibility to provide innovated Enterprise solutioning in response to changes within the industry. Position will have principal responsibility for the design, modification and ongoing administration of the Enterprise Security Program. The Enterprise Security Architect is quick on their feet, a strategic thinker who is willing to challenge assumptions while simultaneously advocating for best IT security practices.

Position Responsibilities

Helps to set strategic direction for information security initiatives, processes and standards.

Establishes enterprise architecture standards, processes and procedures based on industry standards.

Researches, evaluates and drives next-generation security technologies and concepts to keep supported enterprise security architecture ahead of the curve.

Builds relationships and collaborates with other Enterprise Architects and functional areas across ISA to ensure all visions are aligned and in compliance with the ISA enterprise information security program.

Human Resources/Division of OFM

1541 City-County Building

200 East Washington Street

Indianapolis, IN 46204

Conduct and attend project meetings to provide security and governance input throughout project lifecycles.

Influence decision-makers in the areas of secure network design, access/authentication controls, IaaS (Infrastructure As A Service) and others.

Coordinate the creation (where needed) and annual review for unit-level disaster recovery (DR) and business continuity plans (BCP); Provides advice in consultation with Infrastructure team for IT solutioning for business continuity.

Creates, refines, delivers and evangelizes information security standards to be used throughout the enterprise that balance business needs and external requirements.

Ensure through creation or delegation that all security-related documentation is complete, current and stored appropriately.

Analyzes enterprise-wide development needs and management of an architecture governance process.

Autonomously prepare reports and audit findings remediation plans in response to Internal audits, penetration tests or vulnerability scans.

Reports to executive team the effectiveness of data security as implemented by internal and external business partners and makes recommendations for the adoption of new procedures or controls.

Participates in security event investigations producing Incident Response Documentation and ensure corrective actions are implemented.

Creates end-to-end security solutions involving a mix of technical and organizational requirements.

Monitors changes in the legislative, regulatory and contractual landscape to ensure that the information security program is always at least one step ahead.

This list of duties and responsibilities is not intended to be all-inclusive and may be expanded to include other duties or responsibilities that management may deem necessary from time to time.

This list of duties and responsibilities is not intended to be all-inclusive and may be expanded to include other duties or responsibilities that management may deem necessary from time to time.

Qualifications

Bachelor's from an accredited institution in an IT-related field such as Information technology, computer science, informatics, computer programming, information assurance/compliance or equivalent work experience with ten (10+) years of IT-related work experience in large, complex technical environments. Demonstrable experience designing or managing an Enterprise IT security and compliance program. Strong understanding of security tenets, such as encryption/key management, network design, access control and incident containment. Knowledge of the intricacies related to National Institute of Standards and Technology (NIST) best practices, the SANS Institute's ten security domains, Payment Card Industry Data Security Standard (PCI DSS) and state privacy laws. Ability to maintain strict confidentiality. Excellent written and verbal communication skills, including the ability to interact with team members at all levels within City and County Government from the end user to senior leadership. Ability to think analytically and creatively. Ability to look at all situations objectively. Ability to work independently with minimum direction in a fast-paced environment as well as collaborate effectively while maintaining an "options before obstacles" mindset. Preferred Qualification include: Experience in other parts of IT as an administrator or engineer in a non-security role. Experience with hosted and cloud services, especially Software-as-a-Service (SaaS) and Platform-As-A-Service (PaaS), and the related security implications and control approaches with an emphasis on hyper-converged systems. Thorough understanding of risk management principles and processes. Industry certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), GIAC Security Essentials (GSEC), Certified Information Security Manager (CISM), etc. Demonstrable experience in policy/standard creation and acceptance.

Independent Judgment

A very high degree of independent judgment is required for making decisions. There will be instances where policies, procedures, rules and regulations do not exist for all situations that could be encountered. Errors in judgment will adversely affect the perception and image of the City/County relating to the use and operations of network systems and technology. This could result in excessive liability, embarrassment and expense for the Organization and the City/County. Incumbent must have the ability to make appropriate decisions considering the relative costs, risks and benefits of potential actions. Independent judgment is utilized and may represent the Chief Technology Officer at planning, management and/or customer meetings.