WHAT YOU'LL DO
The Platinion IT Security Architect provides internal BCG technical consulting around information security architecture and security design measures for new projects, ventures and systems. The architect defines the desired end state to meet solution Security Goals and overall business goals. The Security Architect ensures the digital applications, tools, and services protect our data, our clients’ data, and our intellectual property; are resilient to cyber-attack; meet BCG policy and standards, regulatory requirements, and industry best practices; while using a risk-based approach to meeting BCG business needs and objectives.
The Security Architect works with consulting teams and business systems teams inside BCG Platinion to secure cloud environments and enterprise information by determining security requirements; planning, implementing, and testing security systems; participate in IT projects as the IT Security Subject Matter Expert; preparing security standards, policies and procedures; and mentoring team members.
YOU'RE GOOD AT
The IT Security Architect is good at:
- Working closely with the Platinion consulting chapters Architecture, Enterprise Solutions, Data Engineering and Cybersecurity teams to design secure solutions in an agile environment utilizing both on-premise and cloud deployments.
- Determining security requirements by evaluating business strategies and requirements, implementing information security standards, conducting system security and vulnerability analyses and risk assessments, recommending secure architecture aligned to business architecture, and identifying/driving remediation of integration issues.
- Creating, maintaining and supporting information security technology strategy and roadmap.
- Researching and analyzing emerging technologies, designing and advocating new technologies, architectures, and security products in collaboration with system and service owners.
- Providing expert knowledge of solution/application architecture as well as methodologies for the software development life cycle.
- Matures application security deliverables to include; Governance, SAST/DAST, Manual finding validation, Secrets Management, Authentication/Private Access integration
- Maintaining security by ensuring compliance to standards, policies and procedures; conducting incident response analysis; and developing and conducting training programs.
- Self-managing progress and status of tasks and deliverables on projects and escalating issues and risks timely.
- Interacting with stakeholders and possessing the ability to influence direction, articulate risks and sell secure solutions/roadmaps.
- Provides ad hoc support to incident management if needed.
- Suggesting and implementing alternative security mitigations/compensating controls to allow for business to continue while protecting BCG's assets.
- Guiding the configuration, implementation, monitoring, and support for security software/systems that will help ensure compliance with regulatory, industry, and corporate policies and procedures.
- Partnering with cross functional teams to ensure compliance to industry and company standards including ISO 27001, NIST and Cobit standards.
- Subject Matter Expert and security domain participant for overall enterprise architecture and other technologists.
- Responsible for driving infrastructure security model to include remediation of SIEM integration and Vulnerability management findings across technology deployed
- Updating job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
YOU BRING (EXPERIENCE & QUALIFICATIONS)
- Bachelor’s degree (or equivalent);
- Preferred certification in one or more Information Security relevant areas such as Security Professional (CISSP, CISM, GSLC), Cloud Security (CCSP, CCSK)
- Minimum of 8 years of information security experience, with a background in cloud native infrastructure, network security, security applications and technologies.
- Subject matter expert in security practices that include the full administration of security control systems, vulnerability identification and mitigation, best practices for securing/hardening, and risk analysis.
- Expert technical knowledge with cumulative hands on experience across a vast array of security platforms.
- Understanding on code deployment and creation of CI/CD. A good understanding of software and solution development for consumption by external customers.
- Knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response.
- In-depth experience of vulnerabilities, intrusion detection systems, firewall management, network vulnerability analysis, cryptographic theory and practice, incident analysis and response, software testing and security assessment, malicious code and software exploitation techniques, continuous monitoring and event logging, cyber-crimes, computer forensics analysis and computer crime investigation.
YOU'LL WORK WITH
You will work in a fast-paced, intellectually intense, service-oriented environment to interpret rules and guidelines flexibly to enhance the business and in keeping with BCG’s values and culture. You will be a part of a team of professionals in support of internal IT and business professionals, and consultants delivering business and management strategy to our clients. You will work with application developers and data analysts providing tools and support for our consultants. You will be an integral part of the BCG Information Security Risk Management team in delivering the security program for Platinion and all of BCG.
To apply for this job please visit itjobpro.com.