Security Solution Architect

Overview:

Works under the guidance of the Principal Security Architect in getting necessary approvals from the Architecture Review Board. Participates in and may be called upon to provide technical and architectural leadership on large and highly complex security projects.

Responsibilities:

1. Governance and Strategic Leadership:

• Provides architectural vision to align Information Security outcomes to strategic business needs and goals.
• Contributes to and participates in the Architecture Review Board and Architect community activities to ensure the design and implementation of sound solutions.
• Contributes to the strategic roadmap and technical direction of business and IT.
• Contributes to developing security procedures and standards to be reviewed and approved by the Chief Information Security Officer (CISO).
• Tracks developments and changes in the digital business and threat environments to ensure these are adequately addressed in security strategy plans and architecture artifacts.
• Develops and maintains security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.

1. Security Configuration and Infrastructure Management:

• Works with IT Solution Architects to ensure security is baked into all solutions and that regular cadence is established for maintaining a secure baseline.
• Develops baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and identity and access management (IAM).
• Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risk where applicable.
• Validates security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.

1. Security Assessment and Risk Management:

• Conducts or facilitates threat modeling of services and applications to assess the associated risk and data.
• Ensures that a complete, accurate, and valid inventory of all systems, infrastructure, and applications is conducted and reconciled with the security information and event management (SIEM) or log management tool.

1. Data Security and Privacy:

• Coordinates with the compliance and privacy officers to understand sensitive data within the organization (e.g., PII or ePHI) and recommends controls to ensure this data is adequately protected.
• Reviews network topology to ensure the least privilege for network access.

1. Collaboration and Best Practices:

• Liaises with other architects and security practitioners to share best practices and insights.

1. Security Tools and Operational Support:

• Tracks, documents, and communicates security-related activities (models, templates, standards, and procedures) that leverage security capabilities in projects and operations.
• May be asked to work with peers to troubleshoot and remediate any systems impacted by security breaches.

1. Organization:

• Commitment to embrace Sammons Financial Group Companies shared values (Accountability, Connection, Openness, Respect, and Integrity)
• As stated within the Company Attendance and Punctuality policy, regular attendance is required and expected to meet the business service levels and workflow demands.
• Participate in other initiatives or projects as necessary

Qualifications:

Discipline-specific Qualifications:

• Proficient in consultative and collaborative methods, ensuring security strategies align with business objectives, guiding security teams, effectively communicating technical concepts, and resolving complex security challenges.
• Skilled in overseeing security initiatives, upholding integrity in managing sensitive data, and exemplifying leadership by enforcing security policies.
• Preferred experience securing web development languages and frameworks, such as JavaScript, Spring, Angular, Python, Java, C#, .NET, and more.
• Well-versed in securing platforms such as Kubernetes, Confluent Kafka, ActiveMQ, Azure Service Bus, Amazon SQS, API gateways, etc.
• Thorough understanding of various database security technologies supporting MongoDB, Oracle, MS SQL, etc.
• Capable of working in high-performance development teams using agile methodologies alongside modern DevSecOps practices.
• Sound knowledge of enterprise and back-office systems such as CRM, HR, Microsoft 365, and other financial services systems

General Qualifications:

• Security Certifications (CISSP, CCSP, GWEB, GSEC, or CCSK) preferred
• Experience in using architecture methodologies such as SABSA, Zachman, and TOGAF
• At least ten years of experience in Information Technology with a security focus
• Minimum of two years of experience in a Security Architect or Engineer role
• Extensive experience in Information Security, compliance, assurance, or other security standard methodologies and principles
• Documented experience and a solid working knowledge of the methods to conduct threat-modeling exercises on new applications and services
• Experience applying cybersecurity and privacy principles and organizational requirements
• Experience with developing specific cybersecurity countermeasures and risk mitigation strategies for systems or applications
• Experience in identifying, assessing, and recommending cybersecurity or cybersecurity-enabled products for use within a system and ensuring that recommended products follow the organization's evaluation and validation requirements
• Ability to effectively operate in support of a complex ecosystem of technology platforms managed by internal resources and vendor partners

• Criminal background check required.

• Sammons Financial Group offers a competitive benefit package that includes: Health, Dental, Vision, Company Paid Retirement, PTO and Holiday Pay.
• Our Employee Stock Ownership Plan (ESOP) is a 100% company-funded retirement plan, so you can save for retirement without contributing a penny of your own paycheck.
• Healthy balance between work and personal lives. Friday afternoons off all year long, competitive PTO, and generous number of paid holidays.
• Our incentive program for defined goals subject to eligibility and performance. Monetary rewards are based on individual and/or overall company performance.
• Colleagues who support one another, model our core values, and drive our healthy, high-performing culture.

Pay Range: USD $99,373.00 - USD $207,027.00 /Yr.

Range includes data points from multiple labor markets. Specific range is dependent on the labor market where the incumbent will be hired to perform the position. Starting salary is dependent on candidate qualifications and experience. For a narrower salary range specific to your labor market, please inquire.

At this time, we’re not considering candidates that need any type of immigration sponsorship now or in the future or those needing work authorization for this role (This includes, but is not limited to students on F1-OPT, F1-CPT, J-1, etc.)