University of Rochester

Job Information

University of Rochester Project Dir Info Systems - 232942 in Rochester, New York

Project Dir Info Systems Job ID 232942

Location: Central Administration

Full/Part Time: Full-Time

Regular/Temporary: Regular

Opening

Full Time 40 hours Grade 056 University IT / IS

Schedule

8 AM-5 PM

Responsibilities

GENERAL PURPOSE:

The security architect is responsible for designing security solutions that protect the enterprise, but also allow the enterprise to execute and innovate. The security architect works closely with many diverse and dynamic teams, including, but not limited to, Information Security Operations, IT infrastructure, Information Security Risk & Compliance, application development, departmental IT staff, and end users. The security architect provides expert guidance for addressing current security issues. The architect is expected to think like an adversary and identify how solutions should evolve as the threat landscape changes. The architect provides technical leadership to delivery and solution design team members.

RESPONSIBILITIES:

  • Develops and maintains a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with enterprise, technology and threat drivers

  • Determines baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation and identity and access management (IAM)

  • Develops standards and practices based on the organization's data classification criteria

  • Drafts security procedures and standards to be reviewed and approved by executive management

  • Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO

  • Coordinates with the Privacy Office and/or Chief Data Officer to document data flows of sensitive information in the organization (e.g., PII or ePHI) and recommends controls to ensure that this data is adequately secured (e.g., encryption and tokenization)

  • Validates IT infrastructure and other reference architectures for security best practices and recommends changes to enhance security and reduce risks, where applicable

  • Reviews network segmentation to ensure least privilege for network access

  • Supports the testing and validation of internal security controls, as directed by the CISO or the internal audit team

  • Consults with departmental IT staff to develop information security plans and confirm that they meet University standards

  • Acts as the Information Security Subject Matter Expert on University Governance councils as needed

  • Remains current with new security threats and assesses systems to ensure they can defend the enterprise

  • Researches capabilities of current and new disruptive solutions on the market and makes recommendations to security leadership

  • Other duties as assigned

QUALIFICATIONS:

  • A bachelor's degree in information systems or cybersecurity, or equivalent work experience; an M.B.A. or M.S. in information security is required.

  • 8+ years of related experience required, or equivalent combination of education and experience

  • At least 5 to 8+ years’ experience in cybersecurity, including compliance and risk management with a background in system and network security engineering.

  • Deep background (preferred 5+ years in addition to cybersecurity) in technology design, implementation and delivery

  • Experience in cloud computing technologies, including software-, infrastructure- and platform-as-a-service, as well as public, private and hybrid environments.

  • Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), and threat intelligence platforms.

  • Experience architecting SIEM systems, threat intelligence platforms, security automation and orchestration solutions, IDS/IPS, file integrity monitoring (FIM), data loss prevention (DLP) and other network and system monitoring tools.

  • Experience with one or more of the following: ISO 27001, NIST, Payment Card Industry Data Security Standard (PCI DSS), Health Information Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health (HITECH) Act, Sarbanes-Oxley Act (SOX), the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2.

  • Working knowledge of Windows, Linux and Unix.

  • Familiarity with state privacy laws.

  • Ability to think strategically and tactically, with effective decision-making skills.

  • CISSP, CISM, CCSP preferred

How To Apply

All applicants must apply online.

EOE Minorities/Females/Protected Veterans/Disabled
