|Job Ref:||2016-178597||Employer:||Keane Group||Address:||Post Date:||22/10/2016 21:02|
Overview: At NTT DATA, we know that with the right people on board, anything is possible. The quality, integrity, and commitment of our employees have been key factors in our company's growth and market presence. By hiring the best people and helping them grow both professionally and personally, we ensure a bright future for NTT DATA and for the people who work here.|
A group company within NTT DATA currently seeks a Senior Security Architecture Assessment Analyst to join our team in Halifax, Nova Scotia.
Position Functions or Responsibilities: As part of a group of security architecture assessment analysts, you will handle security architecture assessments on IT systems and applications for Vendors. NTT DATA is looking for a Senior Security Architect Assessment Analyst to review technology and architecture involving vendors. This role requires experience in application and/or infrastructure security and technology risk management in a highly regulated environment. The consultant will use defined assessment guidelines when performing risk analysis activities.
The assessment team is responsible for ensuring that systems deployed in the production environment meet all Security Architecture guidelines and standards, and that appropriate remediation plans are put into effect for any systems not meeting these standards.
Our client onboards large vendor services and requires detailed assessments of technology setup, technical architecture, and possible insider/external security threat for information loss. The Security Assessment Analyst will handle delivering the assessment in a timely manner while our client is finalizing the contract.
The ideal candidate will have experience working in multiple vendor service environments such as cloud services, data center, remote apps support, managed services delivery, ODC set up, offshore location setup, etc. They should also have experience managing/assessing vendor environment set ups and evaluating any risks to the client's environment. As a senior team member they would need to have experience managing/mentoring junior team members and guiding them through the assessment process.
This role requires strong communication skills as you will be working with technology stakeholders, senior executives and external vendors. Strong architecture experience is required to perform assessments for complete systems/solutions involving end-to-end technologies and processes. You must possess technical security knowledge to protect technology solutions and set up from internal and external threats.
Duties and Responsibilities (day to day)
- Contacting system owners for assigned systems to gather relevant background material about the system/application and setting up interviews for information gathering.
- Conducting remote/in-person interviews with system owners to get all required information for assessment and to identify any gaps.
- Reviewing system related material including specifications, diagrams, requirements and test plans to ensure security related standards are followed.
- Reviewing results with system owners, as needed.
- Conducting security assessments using available documentation.
- Creating comprehensive security architecture assessment reports that clearly identify root-cause and remediation strategies.
- Developing and establishing global security standards and processes.
- Evaluating new and emerging products and technologies while making recommendations concerning the introduction of new technologies.
- Mentor Consultants in both technical and consultative skills to ensure the team executes at a consistently high level
- Acting as Technical Lead on assessment tasks; ensuring the assigned cases are assessed as scoped, that attacks are taken to their fullest potential and that creative, complex and blended attacks are used to further add value to engagements.
Basic Qualifications: Required Skills:
- Excellent verbal and written communications skills, including presentations to clients and senior technical resources.
- Ability to manage expectations and handle high-pressure situations with tight deadlines.
- Experience in an information security (application and/or infrastructure) role in an enterprise environment.
- Ability to explain common application vulnerabilities and remediation strategies to developers.
- Ability to explain technology risks introduced by application vulnerabilities to a system's Business Owner.
- Ability to quickly adapt to changing priorities and demands
- Comprehensive web application security expertise.
- Excellent security knowledge (access control) of one or more applicable security technologies or platforms.
- Excellent knowledge of information security processes, response procedures, and various attack methods used for information theft or network intrusion.
- Excellent analytical and problem-solving skills.
- Excellent knowledge of network technologies as they pertain to communications, computer system environments and related infrastructures.
- Experience in application and integration of globally accepted security standards.
- Knowledge of the Security Assessment and Authorization (SA&A) process is required.
- Knowledge of primary control frameworks such as: ISO, CObIT, SOX, PCI, etc. is required.
- Experience with security architecture analysis as well as secure software system designs and architecture including common development platforms and hardware/languages.
- Experience designing and implementing enterprise applications.
- Comprehensive web application security expertise.
- Strong understanding of general Information security principles and solutions including design principles, data flow, connectivity and configuration.
- Knowledge of network protocols (e.g. TCP/IP, DHCP, DNS) and design processes including an understanding of security objectives, operational objectives, and tradeoffs.
- Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]) as well as encryption.
- Working knowledge of Office applications (Windows, Office Professional, Visio, etc.) and specialized project/program management software (MS Project, etc.)
- Knowledge of the iOS or/and Android platform and their security model is a plus.
- Experience in security testing is a plus.
- Knowledge of cloud security architecture is a plus.
- Financial Services industry knowledge is a plus.
- ITIL Knowledge/Certification is a plus.
- Preferred: CISSP, GIAC, SSCP or, CEH, CSSLP is a plus.
This is a full-time salaried position with a group company within NTT DATA. Please note, contractors will NOT be considered. This position is only available to those interested in direct staff employment opportunities. We offer a full comprehensive benefits package that starts from your first day of employment.
About NTT DATA
NTT DATA is your Innovation Partner anywhere around the world. With business operations in more than 35 countries, we put emphasis on long-term commitment and combine global reach and local intimacy to provide premier professional services from consulting, system development, business process and IT outsourcing to cloud-based solutions.
Visit NA to learn how our consultants, projects, managed services, and outsourcing engagements deliver value for a range of businesses and government agencies.
Options: Apply for this job online Apply
Refer this job to a friend Refer
Share on your newsfeed