Security Architect

Fitch Ratings
in New York, NY, United States
Internships & Graduate Trainee, Full time

The Security Architect is responsible for understanding the enterprise architecture to identify security gaps, develop controls and design solutions that meet business objectives while complying with security standards and regulatory requirements. Candidates must have a firm understanding of security concepts relating to all technical areas including Operating Systems (Windows, Linux, Unix), Networking, Database, Application/Web Development, etc.

This role will provide leadership and guidance both to the Technology Risk team and to other internal engineers and developers. An understanding of common compliance standards and regulations (e.g. GDPR, SOX, Dodd-Frank) is required. This position will conduct risk and vulnerability analyses and other security assessments of technology, processes, and third parties. As a senior member of the Technology Risk team, the Security Architect will provide thought-leadership and consulting-like services in subject matter expertise disciplines such as Information Security Architecture, Tools, Services, Metrics and Measurement, Standards, Guidelines and Processes/Procedures. This candidate will develop, implement, and administer a comprehensive enterprise information security architecture to ensure the Confidentiality, Integrity, and Availability of information owned, controlled and/or processed by the Fitch Group.

Job Responsibilities:
  • Understand corporate strategic plans and fundamental business activities of the Fitch Group and its portfolio of business operations.
  • Maintain current knowledge of applicable cyber threats, regulatory and compliance issues related to information security.
  • Based on this knowledge, develop, maintain and oversee an enterprise-wide Information Security Architecture Framework that is aligned with the Fitch Group's business strategy.
  • Design and implement a roadmap that clearly shows key milestones to develop a sustainable, effective Information Security Tools & Services catalog to be utilized by the enterprise.
  • Provide technical expertise and direction in risk assessment and risk management activities across the enterprise.
  • Participate in Risk assessments for Fitch Group Business Units.
  • As applicable, maintain risk register, and provide guidance with the development of risk treatment plans.
  • Provide subject matter expertise to executive management on a broad range of information security and risk best practices.
  • Collaborate with project teams and other system architects/engineers to develop system designs and project plans that include the appropriate security controls and meet security standards.
  • Serve as the solutions architect for all Information Security sponsored projects and initiatives.
  • Must have a firm grasp of concepts and technology across all IT areas to be able to spot gaps and develop appropriate controls.
  • Ability to write both technical and business documents.
  • Assist and advise on development of comprehensive technology security metrics.
  • Remain current with industry trends and security threats to advise management on how to mitigate and contain risks to the business.
  • Provide strategic and tactical security guidance for all projects and architecture functions, including the evaluation and recommendation of technical controls.
  • Conduct, review, and document information system security audits and investigations.
  • Direct the selection, installation, configuration and management of security related hardware and software tools and/or systems designed to support the program.
  • Develop, manage and lead Computer Security Incident Response.
  • Develop and execute testing protocols to validate security practices including, but not limited to, vulnerability/penetration testing.
  • Perform other related duties as assigned.

Preferred Skills:
  • Incident Handling
  • Security Operations
  • Vulnerability Management
  • Identity Access Management

Required Skills/Experience/Education:
  • Must have leadership and/or senior team member experience
  • Proven ability to collaborate with technical peers and management
  • Technical and Business writing skills, plus the ability to effectively explain plans and solutions verbally to both technology and business units
  • Perform in-depth security assessments of both business and technology driven solutions
  • Understanding of emerging technologies such as cloud platforms and mobile BYOD, as well as the associated security risks
  • Ability to conduct vulnerability assessments, analysis and create remediation plans
  • Capable of working independently with minimal supervision
  • Demonstrate a degree of creativity with strong analytical and problem solving skills
  • Bachelor's degree or equivalent experience and education required
  • 10 years of experience in technology with at least 5 years of experience in the Information Security area
  • CISSP, CISA, or CISM certification required. CISSP strongly preferred
  • Solid understanding of networking - including routing, architecture, and design
  • Solid understanding of Application, Database and Network Vulnerability testing principles
  • Management of security tools such as: Tenable, GRC, Nessus, CrowdStrike Falcon, Protocol Analyzers, DLP, NAC, SIEM, IPS/IDS, etc.
  • Experience in dealing with APTs, DDoS, Targeted and Non-Targeted attacks
  • Proficient in MS Word, Excel, Visio, and PowerPoint
  • Knowledge of NIST 800-53, COBIT, ISO 27001/02
  • Understanding of current Data Privacy, HIPAA, PCI regulations and implementing processes and/or technology to ensure compliance and data protection
  • Ability to perform Security Audits and Risk Assessments for PCI, HIPAA and Privacy compliance
  • Ability to assess efficacy and recommend improvements to internal processes that may affect architecture, technology standards and/or existing work instructions or procedures
  • Ability to troubleshoot complex system problems and the ability to engage and work with the proper technical areas and vendors to resolve them
  • Able to support a 24/7 on-call function