Information Security Architect (authorization & authentication)

Prestigious Fortune 500 Firm is seeking a Information Security Architect who is especially strong in technical security control architecture and design. Must also be an  expert in application authorization solutions like single sign-on (Sightminder)  authorization, authentication, access controls, auditing,  and cryptography experience.

BASIC FUNCTION:

This position is responsible for designing, implementing, and continuously updating technical security control solutions supporting enterprise information security policies and standards; conducting gap analysis; providing recommendations to resolve gaps in security; and providing architecture and infrastructure guidance.

JOB REQUIREMENTS:

1) Bachelor Degree in Computer Science, with 5 years IT security experience OR 9 years experience;
2) Experience in technical security control architecture and design, information security solutions engineering, security technology implementation, and security service delivery;
3) Experience in complex enterprise architecture lock-downs;
4) Knowledge of and familiarity with industry laws and regulations mandating information security and information risk management requirements (HIPAA, Sarbanes-Oxley, GLB);
5) Excellent verbal and written communication skills.

PREFERRED JOB REQUIREMENTS:

1) Expert in fundamental authentication and authorization concepts;
2) Expert in application of authentication and authorization solutions to address business and security problems;
3) Expert in web, web service, platform, packaged applications, Back End, and desktop authentication and authorization solutions;
4) Working knowledge in run time authentication and authorization operational processes, including identity management and entitlements management;
5) Working knowledge of a breadth of authentication and authorization technologies, including but not limited to usernames and passwords, digital certificates, two-factor authentication, federated identity management, and RBAC;
6) Advanced understanding of fundamental information security concepts, including authentication, authorization, access control, auditing, and cryptography;
7) Understanding of systems development life cycle;
8) Ability to translate legal and regulatory requirements into specific action plans for development of cryptographic technologies;
9) Exposure to security of a variety of technologies including, Java, WebSphere, PeopleSoft, Siebel, Web Services, WAM solutions, Databases, MQ, ESB, and Web Applications a plus;
10) Excellent verbal and written communication skills