Back to search
Quantam Linkedin · Posted yesterday

Information Security Analyst

Frankfort

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Quantam Solutions provides IT solutions and consulting for various clients. We offer competitive hourly wages, health benefits, paid time off, and a 401(k) plan. We are currently seeking a Information Security Architect.


Position Overview

The Information Security Architect will act as the Subject Matter Expert for security operations, advising internal development teams, technology leaders, and external vendor partners on security strategies, standards, and requirements.


This role will assess the current state of the organization’s security program, define future-state security capabilities, and develop implementation roadmaps designed to strengthen the organization’s overall security posture. The selected candidate will also design, implement, and maintain security solutions that protect sensitive information, systems, and organizational assets.


The position requires close collaboration with technical, operational, compliance, privacy, and leadership teams to identify risks, develop security strategies, and implement effective controls.


Key Responsibilities


Security Program Development

  • Assess the current state of the organization’s information security program.
  • Define future-state security capabilities and develop implementation roadmaps.
  • Develop business cases, performance metrics, and key performance indicators for security initiatives.
  • Communicate and promote the security program across the organization.


Security Policy Management

  • Review, manage, and improve security policies, procedures, and standards.
  • Ensure security policies align with organizational goals, regulatory requirements, and industry best practices.
  • Advise leadership on security strategy, priorities, and decision-making.


Security Strategy and Collaboration

  • Collaborate with enterprise architects, security operations teams, development teams, and business leaders.
  • Develop organization-wide security strategies based on recognized frameworks and industry best practices.
  • Provide guidance based on the organization’s technology strategy, business objectives, and risk tolerance.


Security Architecture

  • Develop, implement, and maintain an enterprise security architecture process.
  • Ensure security architecture aligns with business requirements and technology drivers.
  • Create security strategy plans, architectural standards, and multiyear security roadmaps.
  • Evaluate system designs and integrations for security risks and architectural compliance.


Security Standards and Procedures

  • Draft security standards, procedures, and guidelines for leadership review and approval.
  • Establish baseline security configuration standards for:
  • Operating systems
  • Network segmentation
  • Identity and access management
  • Cloud environments
  • Applications and infrastructure
  • Promote consistent implementation of security controls throughout the organization.


Risk Assessment and Threat Modeling

  • Conduct and support information security risk assessments.
  • Recommend appropriate risk response and mitigation strategies.
  • Identify security risks associated with system integrations, applications, infrastructure, and third-party services.
  • Conduct or facilitate threat-modeling sessions for applications and services.
  • Document identified risks, recommended controls, and remediation plans.


Development and DevOps Security

  • Partner with application development and DevOps teams to promote secure coding practices.
  • Review application development processes for security weaknesses.
  • Escalate concerns related to insecure coding practices or inadequate security controls.
  • Support the integration of security controls into the software development lifecycle.


Privacy and Compliance

  • Collaborate with privacy, legal, audit, and compliance teams.
  • Document data flows involving confidential, regulated, or sensitive information.
  • Recommend security and privacy controls based on data classification and regulatory requirements.
  • Support compliance activities, audits, assessments, and remediation efforts.


Security Operations Support

  • Support internal security control testing and validation activities.
  • Assist the Chief Information Security Officer and internal audit teams with security reviews.
  • Evaluate security tools, technologies, services, and vendors.
  • Recommend solutions based on organizational needs, security metrics, risk, and technical requirements.


Security Infrastructure

  • Evaluate, select, implement, and maintain security technologies and solutions.
  • Configure or provide architectural oversight for security infrastructure, including:
  • Firewalls
  • Intrusion detection and prevention systems
  • Endpoint protection platforms
  • Encryption solutions
  • Authentication technologies
  • Identity and access management controls
  • Network and cloud security tools
  • Ensure security technologies are properly integrated and aligned with organizational standards.


Incident Response and Forensics

  • Develop and maintain security incident response plans and procedures.
  • Support the investigation, containment, remediation, and recovery of security incidents.
  • Conduct or assist with post-incident reviews and forensic investigations.
  • Identify root causes and recommend controls to prevent similar incidents.


Security Awareness and Training

  • Develop and deliver security awareness and education programs.
  • Educate employees and technical teams on security risks, responsibilities, and best practices.
  • Provide ongoing guidance and support regarding security-related questions and concerns.


Required Qualifications

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Technology, or a related field.
  • Five or more years of experience in information security architecture, design, engineering, or implementation.
  • Demonstrated experience developing security strategies, architectures, standards, policies, and roadmaps.
  • Experience performing security risk assessments and recommending mitigation strategies.
  • Experience with security incident response, control testing, vulnerability management, and forensic analysis.
  • Knowledge of application, infrastructure, cloud, network, endpoint, and identity security.
  • Experience collaborating with executive leadership, technical teams, vendors, auditors, and business stakeholders.
  • Strong written and verbal communication skills.
  • Excellent technical documentation skills.
  • Ability to organize complex initiatives into milestones and successfully execute projects through completion.
  • Ability to work independently with limited supervision.
  • Proficiency with Microsoft Office applications, including Word, Excel, Outlook, and PowerPoint.


Preferred Qualifications

  • Advanced degree in Computer Science, Information Security, Cybersecurity, or a related discipline.
  • One or more of the following certifications:
  • Certified Information Systems Security Professional
  • Certified Information Security Manager
  • Certified Information Systems Auditor
  • Other relevant information security certifications
  • Experience working with government agencies or highly regulated organizations.
  • Experience supporting classified or sensitive systems and their related security requirements.
  • Experience evaluating security vendors, products, and services.
  • Familiarity with information security and technology frameworks, regulations, and standards, including:
  • Federal Information Security Modernization Act
  • Federal Risk and Authorization Management Program
  • ISO 27001
  • COBIT
  • National Institute of Standards and Technology frameworks
  • Information Technology Infrastructure Library
  • Knowledge of secure software development, DevSecOps, and cloud security principles.
  • Strong understanding of general network and cybersecurity concepts.


Additional Skills and Competencies

  • Ability to influence leadership and motivate technical and business teams.
  • Innovative and solutions-oriented mindset.
  • Strong analytical and problem-solving abilities.
  • Ability to communicate complex security concepts to both technical and nontechnical audiences.
  • Ability to remain current on emerging security technologies, threats, practices, and standards.
  • Commitment to continued professional development through training, research, professional publications, networking, and industry participation.


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent