Role: Cyber Security (Information Security Architect)
Location: Atlanta, GA
Duration:12+
Role Description
- Perform Threat Analysis & Create/Update the Threat Modelling
- The Information Security Architect performs threat analyses for complex technical designs and reports the results using standard templates.
- The Information Security Architect creates the initial Threat Modelling (with new applications/systems) or updates an existing Threat Modelling (with upgraded applications/systems).
- The Information Security Architect tracks critical and high findings and updates the respective changes in the Threat Modelling.
- Derive Security Requirements? Given application or system descriptions, the Information Security Architect derives security requirements that will match the respective level of abstraction.
- Review Design and Report Issues? The Information Security Architect reviews the design documents with respect to o Fulfilment of security requirements o (Common) design error Already known design shortcomings (are they fixed or not) The Information Security Architect submits a written report that lists all shortcomings and suggestions on how to fix them.
- Review Implementation and Report Issues?
- The Information Security Architect reviews the implementation with respect to
Fulfilment of security/design requirements? (Common) implementation errors,? Already known implementation shortcomings (e.g., from Code scan or Pen Testing, are they fixed or not?)?
The Information Security Architect submits a written report that lists all shortcomings and suggestions on how to fix them.
- Review Project Security Planning and Report Issue? The Information Security Architect reviews various project management documents with respect to o plausibility of effort estimates for planned security tasks,
- plausibility of cost estimates for planned security tasks,
- overall plausibility of the timeline for security tasks,
- the overall progress of security, completeness of planned security tasks o security budget planning,
- ordering status of mandatory security services mandatory security-related tasks?
- The Information Security Architect submits a written report that lists. o all shortcomings, together with suggestions on how to fix them, all possible risks to achieving project goals that relate to information security.
- Cyber Security Incident Management? Responsible for end-to-end cyber security incident management process.
- Various Expert Consulting? The Information Security Architect will answer explicit questions on various security-related subjects, e.g. on o Information Classification, o Security aspects of project management, o Technical information security, etc.
- Cryptography,
- Cloud Security,
- TPRM ? Third-Party Risk Management Vulnerability Review and Assessment, Dev Sec-opso Security Tools Audit Support (External and Internal)
- Technical Security Tasks? Given the necessary input, the Information Security Architect will perform complex tasks with a specific, well-described result.
Cyber Security - Information Security Principal, Information Security Architect