Information Security Architect



<< Return to Search Results

Brooksource is searching for a skilled Information Security Architect to join our leading NC/SC based Healthcare client for a 6-month contract to hire. This is the ideal opportunity for someone with 5+ years of experience and strong communication and organizational leadership to make a big impact to a growing healthcare organization.

The Information Security Architect is responsible for ensuring that the information security requirements necessary to protect the warranty considerations of the organization’s core business processes are adequately addressed in all aspects of enterprise architecture. The Information Security Architect works primarily at the information system and business process level.

The Information Security Architect develops system concepts in all phases of the systems development lifecycle to translate technology and environmental conditions (e.g., law and regulation) into secure designs and processes for information systems.

Essential Functions:

·        Develop an information security architecture that describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of information.

·        Integrate information security considerations into systems development lifecycle processes.

·        Aid operational teams during the development, documentation and maintenance of secure baseline configurations of information technology systems.

·        During the design of new information systems, assist business/process owners with determining audit logging use cases to support information security detection processes.

·        Assist with the identification of information system vulnerabilities.

·        Evaluate current or emerging technologies to consider factors such as security and compatibility with the organizational information security architecture.

·        Ensure that acquired or developed system(s) and architecture(s) are consistent with organization's information security architecture.

·        Identify the protection needs (i.e., security controls) for information system(s) and network(s) and document appropriately.

·        Define and document how the implementation of a new system or new interfaces between systems impacts the information security architecture of the current environment.

·        Evaluate information system changes to determine impact to the security controls of the information system and the information security architecture of the current environment.

·        Select the security controls for the information system and document the controls in a security plan or service design package.

·        Monitor and evaluate the security of organizational configuration management and systems development lifecycle processes.

·        Perform security reviews and identify gaps in information security architecture.

·        Assess and assist with the design of key business processes (as related to information security).

·        Document and manage an enterprise technical risk register, prioritizing and managing technical risks throughout the system lifecycle.


·        Education: Bachelor’s Degree/4 years, or equivalent required.

·        Required Experience: 5 years

·        Certifications: CISSP-ISSAP, GCED, CASP, or equivalent required.

Additional Skills Required:

·        Advanced knowledge of enterprise information technology (IT) architectural concepts and frameworks (i.e.; The Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DODAF], Federal Enterprise Architecture Framework [FEAF])

·        Basic Knowledge of network types (i.e.; PAN, LAN, MAN, WAN).

·        Basic knowledge of routing protocols (i.e.; OSPF, IS-IS, EIGRP, IGRP, BGP, etc.).

·        Basic Knowledge of network protocols with intermediate to advanced knowledge in one or more areas (i.e.; TCP, HTTP, SMTP, IMAP, ICMP, UDP, etc.).

·        Advanced knowledge of fundamental information security architecture principles (i.e., trust zones, demilitarized zones, tiered architecture).

·        Advanced knowledge of network security architecture concepts, including topology, protocols, components, and principles (e.g.; application of defense-in-depth).

·        Intermediate knowledge of system/network access, identity, and access management (e.g.; public key infrastructure [PKI]).

·        Advanced knowledge of user authentication methods and factors.

·        Intermediate knowledge of authentication protocols (i.e.; Kerberos, SAML, RADIUS).

·        Basic knowledge of encryption algorithms (i.e.; AES, DES, RC4, etc.).

·        Advanced knowledge of encryption protocols (i.e.; IPsec, TLS, SFTP, etc.).

·        Advanced knowledge of systems architecture and potential impact to the security properties of data (e.g.; process, store, transmit/receive).

·        Basic knowledge of server and client operating systems with intermediate to advanced knowledge in one or more areas (i.e.; Microsoft Windows, Unix, BSD, iOS/Mac OS, Linux [distributions including Android, Chrome, Debian, etc.])

·        Basic knowledge of secure application development principles.

·        Advanced knowledge of information security properties of data (i.e.; confidentiality, integrity, and availability).

·        Basic knowledge of database management systems (DBMS) (i.e.; object-oriented, relational, hierarchical, network) and DBMS solutions.

·        Basic knowledge of network components with advanced knowledge in one or more areas (i.e.; routers, switches, hubs, etc.).

·        Intermediate knowledge of embedded systems, their use, and possible security considerations.

·        Advanced knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs

·        Intermediate knowledge of risk management processes, including steps and methods for assessing risk.

·        Advanced knowledge of secure configuration management techniques.        

·        Advanced knowledge of the systems development lifecycle.

·        Basic knowledge of telecommunications concepts.

·        Advanced knowledge of the systems engineering process.

·        Advanced knowledge of Personal Health Information (PHI) and Personally Identifiable Information (PII) regulatory requirements.

·        Advanced knowledge of Payment Card Industry (PCI) data security standards.

·        Intermediate knowledge of leading practice informational references for information security with advanced knowledge in one or more areas (i.e.; CIS, OWASP, SANS, CSA, etc.).

·        Intermediate knowledge of security tools with advanced knowledge in one or more areas (IDS, FIM, Vulnerability Scanner, SIEM, Forensics, Network Mapping, Penetration Testing, Encryption, etc.).

·        Basic knowledge of specialized system security requirements (e.g., critical infrastructure systems that may not use standard information technology [SCADA-like]).

·        Advanced skill in discerning the protection needs (i.e., security controls) of information systems and networks.

·        Advanced skill in applying and incorporating information security into proposed solutions.

·        Advanced skill in determining how a system should work and how changes in conditions, operations, or the environment will affect security outcomes.

·        Advanced interpersonal communication skill, both written and oral, with the ability to communicate effectively to technical and non-technical audiences.

·        Advanced technical writing skill.

·        Advanced skill with MS Office suite of tools and SharePoint.

·        Advanced attention to detail and organization skills.

·        Advanced analysis and critical thinking skills.

·        Ability to develop productive working relationships with business and technical groups.

·        Ability to effectively prioritize multiple responsibilities.

·        Ability to take direction as well as work with a high degree of independence.


Additional Skills Preferred:

·        Basic knowledge of network systems management principles, models, methods (e.g.; performance monitoring), and tools.

·        Basic knowledge of penetration testing methods (i.e.; black-box, white-box).

·        Basic knowledge of systems testing and evaluation methods (i.e.; unit testing, integration testing, regression testing).

·        Basic knowledge of interpreted and compiled computer languages.

·        Basic knowledge of fault tolerance.

·        Basic knowledge of information theory.

·        Basic knowledge of information technology (IT) supply chain security/risk management policies, requirements, and procedures.

Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.