FNF is seeking an Information Security Architect to join its Information Security Office (ISO) in their Moon Township, Pennsylvania office.
This position will be reporting to the Director of Security Architecture. The ideal candidate that has experience in cloud security controls, processes and technology, with working knowledge of devops, as well as knowledge of public / private / hybrid cloud infrastructures, security controls and implementation strategies.
This position will be a proven people and program leader capable of driving a unified cloud security program for an enterprise. Duties
Develop, manage and sustain a formalized Cloud Security Program that encompasses security design & assessment, data protection and loss prevention, identity and access management, visibility and monitoring, tooling, governance and resilience.
Partner with ISO teammates to implement processes and technologies that reduce cloud security deficiencies, and help develop creative reporting mechanisms including metrics / key themes that communicate risk to business owners and leadership.
Participate in development and implementation of security design & architecture principles and standards.
Identify security requirements to embed into the CI / CD pipeline.
Develop security related user stories and product specific threat models to embed into platforms related products.
Participate in the development and communication of cloud security Standards and Training.
Build and sustain good working relationships with development and infrastructure teams, and involve them in the overall application and cloud Security Technology strategy.
Work with and influence business contacts in regards to technology controls, risk mitigation techniques related to application and cloud security.
Participate in defining secure cloud design and deployment, secure configuration practices, and leveraging appropriate technology solutions, controls and practices as needed.
Conduct research to identify new attack vectors facing applications and cloud services. Serve as a core team member of the Security Architecture team.
Develop technical security requirements for the business, and see them through the development lifecycle. Collaborate with business contacts to ensure 3rd party cloud applications comply with our standards, controls, policies and principles.
Participate in driving data protection strategies and standards that support application and cloud security.
Provide attentive security consulting including design, reviews and recommendations for various IT projects and initiatives.
Develop processes that assist management in identifying and remediating application and cloud security issues.
Work with business leaders across the firm and its subsidiaries to integrate their systems, applications, and databases into the centralized systems ensuring adherence to Security Controls, Policies and Standards with a focus on automation and control
Work closely with Software and Infrastructure Architects to propose solutions and provide strategic technical direction across the team
Oversee adherence to applicable Security Controls, Policies, and Standards
Partner with business owners and technology groups to synchronize plans to remediate gaps Requirements
8-10 years of experience in various security and technology domains
Experience in modern cloud development and delivery platforms such as Microsoft Azure and Amazon AWS.
Experience in developing security architecture solutions for financial environments is a major plus
Experience developing and delivering security requirements into Agile developed projects and work streams with external dependencies.
Subject matter expertise in cloud service provider security
Must demonstrate a keen understanding of security as a business enabler Education
BS / MS in Computer Science or Business with emphasis in IT or equivalent
Relevant cyber security certifications, such as CISSP, CISM, are optional, but highly desired Additional Skills Must have excellent verbal, written, and presentation communication skills, strong interpersonal skills and the ability to work effectively across project teams.