Security Solution Architect - West Des Moines

job summary: Role Overview

Reporting to the Principal Security Architect, you'll collaborate with the Architecture Review Board to obtain necessary approvals and may provide leadership on large, complex security projects.

Key Responsibilities

Governance and Strategic Leadership:

• Provide architectural vision to align Information Security outcomes with strategic business needs.
• Participate in the Architecture Review Board and related community activities to ensure sound security solutions.
• Help define and contribute to the strategic roadmap and technical direction of both business and IT.
• Develop and refine security procedures and standards for approval by the Chief Information Security Officer (CISO).
• Keep up-to-date with changes in the digital business and threat environments, ensuring these changes are integrated into security strategies and architecture plans.
• Maintain security architecture artifacts (models, templates, standards, and procedures) to leverage security capabilities in projects and operations.

Security Configuration and Infrastructure Management:

• Collaborate with IT Solution Architects to ensure security is embedded into solutions and that security baselines are maintained.
• Develop and maintain baseline security configuration standards for operating systems, network segmentation, and identity and access management (IAM).
• Review IT infrastructure and reference architectures for security best practices, recommending changes to reduce risk where applicable.
• Validate security configurations and access to security infrastructure tools, such as firewalls, IPS, WAFs, and endpoint protection systems.

Security Assessment and Risk Management:

• Conduct or facilitate threat modeling exercises for services and applications to assess risks.
• Ensure a comprehensive and accurate inventory of systems, infrastructure, and applications is reconciled with SIEM or log management tools.

Data Security and Privacy:

• Collaborate with compliance and privacy officers to understand sensitive data (e.g., PII, ePHI) and recommend adequate controls.
• Review network topology to ensure least privilege access.

Collaboration and Best Practices:

• Liaise with other architects and security practitioners to share insights and best practices.

Security Tools and Operational Support:

• Document and communicate security activities, such as models, templates, and standards, ensuring security capabilities are leveraged in projects and operations.
• Provide assistance in troubleshooting and remediating systems impacted by security breaches when necessary.

Commitment to Company Values:

• Embrace Sammons Financial Group Companies' shared values: Accountability, Connection, Openness, Respect, and Integrity.
• Comply with company attendance and punctuality policies to meet business service levels and workflow demands.
• Participate in other initiatives or projects as needed.

Required Qualifications

Discipline-Specific Expertise:

• Proficiency in consultative and collaborative approaches, aligning security strategies with business objectives.
• Leadership skills in managing security initiatives, sensitive data integrity, and policy enforcement.
• Experience securing web development languages and frameworks, such as JavaScript, Spring, Angular, Python, Java, C#, .NET.
• Expertise in securing platforms like Kubernetes, Confluent Kafka, ActiveMQ, Azure Service Bus, Amazon SQS, API gateways, etc.
• In-depth knowledge of database security technologies, including MongoDB, Oracle, MS SQL.
• Familiarity with high-performance development teams using agile methodologies and modern DevSecOps practices.
• Sound knowledge of enterprise systems such as CRM, HR, and Microsoft 365.

General Requirements:

• Security Certifications (e.g., CISSP, CCSP, GWEB, GSEC, or CCSK) are preferred.
• Familiarity with architecture methodologies such as SABSA, Zachman, and TOGAF.
• Minimum of ten years of IT experience, focusing on security.
• At least two years in a Security Architect or Engineer role.
• Expertise in Information Security, compliance, assurance, or other security methodologies and principles.
• Experience in conducting threat-modeling exercises and developing cybersecurity countermeasures and risk mitigation strategies.
• Ability to recommend security products and ensure they meet organizational evaluation and validation requirements.
• Ability to effectively support complex ecosystems of internal and vendor-managed technology platforms.

Additional Information

Work Authorization/Sponsorship: At this time, we do not consider candidates requiring any type of immigration sponsorship or work authorization (e.g., F1-OPT, F1-CPT, J-1, etc.).

Criminal Background Check: A criminal background check is required for this role.

• A competitive benefits package, including Health, Dental, Vision, Company Paid Retirement, PTO, and Holiday Pay.
• Employee Stock Ownership Plan (ESOP): A 100% company-funded retirement plan.
• A healthy work-life balance, including Friday afternoons off year-round, competitive PTO, and generous paid holidays.
• Performance-based incentives tied to individual and/or company success.
• A collaborative environment driven by shared values and a healthy, high-performing culture.

education: Bachelors

responsibilities: What You Can Expect In This Role

Works under the guidance of the Principal Security Architect in getting necessary approvals from the Architecture Review Board. Participates in and may be called upon to provide technical and architectural leadership on large and highly complex security projects.

What You'll Do In This Role

Governance and Strategic Leadership:

• Provides architectural vision to align Information Security outcomes to strategic business needs and goals.
• Contributes to and participates in the Architecture Review Board and Architect community activities to ensure the design and implementation of sound solutions.
• Contributes to the strategic roadmap and technical direction of business and IT.
• Contributes to developing security procedures and standards to be reviewed and approved by the Chief Information Security Officer (CISO).
• Tracks developments and changes in the digital business and threat environments to ensure these are adequately addressed in security strategy plans and architecture artifacts.
• Develops and maintains security architecture artifacts (models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.

Security Configuration and Infrastructure Management:

• Works with IT Solution Architects to ensure security is baked into all solutions and that regular cadence is established for maintaining a secure baseline.
• Develops baseline security configuration standards for operating systems (e.g., operating system hardening), network segmentation, and identity and access management (IAM).
• Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risk where applicable.
• Validates security configurations and access to security infrastructure tools, including firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), anti-malware/endpoint protection systems, etc.

Security Assessment and Risk Management:

• Conducts or facilitates threat modeling of services and applications to assess the associated risk and data.
• Ensures that a complete, accurate, and valid inventory of all systems, infrastructure, and applications is conducted and reconciled with the security information and event management (SIEM) or log management tool.

Data Security and Privacy:

• Coordinates with the compliance and privacy officers to understand sensitive data within the organization (e.g., PII or ePHI) and recommends controls to ensure this data is adequately protected.
• Reviews network topology to ensure the least privilege for network access.

Collaboration and Best Practices:

• Liaises with other architects and security practitioners to share best practices and insights.

Security Tools and Operational Support:

• Tracks, documents, and communicates security-related activities (models, templates, standards, and procedures) that leverage security capabilities in projects and operations.
• May be asked to work with peers to troubleshoot and remediate any systems impacted by security breaches.

Organization:

• Commitment to embrace Sammons Financial Group Companies shared values (Accountability, Connection, Openness, Respect, and Integrity)
• As stated within the Company Attendance and Punctuality policy, regular attendance is required and expected to meet the business service levels and workflow demands.
• Participate in other initiatives or projects as necessary

What We're Looking For

Discipline-specific Qualifications:

• Proficient in consultative and collaborative methods, ensuring security strategies align with business objectives, guiding security teams, effectively communicating technical concepts, and resolving complex security challenges.
• Skilled in overseeing security initiatives, upholding integrity in managing sensitive data, and exemplifying leadership by enforcing security policies.
• Preferred experience securing web development languages and frameworks, such as JavaScript, Spring, Angular, Python, Java, C#, .NET, and more.
• Well-versed in securing platforms such as Kubernetes, Confluent Kafka, ActiveMQ, Azure Service Bus, Amazon SQS, API gateways, etc.
• Thorough understanding of various database security technologies supporting MongoDB, Oracle, MS SQL, etc.
• Capable of working in high-performance development teams using agile methodologies alongside modern DevSecOps practices.
• Sound knowledge of enterprise and back-office systems such as CRM, HR, Microsoft 365, and other financial services systems

General Qualifications:

• Security Certifications (CISSP, CCSP, GWEB, GSEC, or CCSK) preferred
• Experience in using architecture methodologies such as SABSA, Zachman, and TOGAF
• At least ten years of experience in Information Technology with a security focus
• Minimum of two years of experience in a Security Architect or Engineer role
• Extensive experience in Information Security, compliance, assurance, or other security standard methodologies and principles
• Documented experience and a solid working knowledge of the methods to conduct threat-modeling exercises on new applications and services
• Experience applying cybersecurity and privacy principles and organizational requirements
• Experience with developing specific cybersecurity countermeasures and risk mitigation strategies for systems or applications
• Experience in identifying, assessing, and recommending cybersecurity or cybersecurity-enabled products for use within a system and ensuring that recommended products follow the organization's evaluation and validation requirements
• Ability to effectively operate in support of a complex ecosystem of technology platforms managed by internal resources and vendor partners

• Criminal background check required.

• Sammons Financial Group offers a competitive benefit package that includes: Health, Dental, Vision, Company Paid Retirement, PTO and Holiday Pay.
• Our Employee Stock Ownership Plan (ESOP) is a 100% company-funded retirement plan, so you can save for retirement without contributing a penny of your own paycheck.
• Healthy balance between work and personal lives. Friday afternoons off all year long, competitive PTO, and generous number of paid holidays.
• Our incentive program for defined goals subject to eligibility and performance. Monetary rewards are based on individual and/or overall company performance.
• Colleagues who support one another, model our core values, and drive our healthy, high-performing culture.

Salary Range Information

For a narrower salary range specific to your labor market, please inquire.

Work Authorization/Sponsorship

At this time, we're not considering candidates that need any type of immigration sponsorship now or in the future or those needing work authorization for this role (This includes, but is not limited to students on F1-OPT, F1-CPT, J-1, etc.)

qualifications:

• Experience level:
• Education: Bachelors

• Network Security

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact HRsupport@randstadusa.com.

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including health, an incentive and recognition program, and 401K contribution (all benefits are based on eligibility).

This posting is open for thirty (30) days.