Position- Lead Cyber Security Architect

Location- New York (Remote)

Long Term Contract

Overview:
The Lead Cyber Security Architect / Principal is a pivotal leadership role responsible for overseeing the efforts of the security development function, guiding a team of Security Developer Consultants, and leading the organization's efforts to identify, prioritize, and remediate security risks. This individual will architect frameworks and processes to improve the organization's ability to manage, communicate, and resolve security risks effectively. The Lead Cyber Security Architect / Principal will also serve as the primary liaison between the security development team and the organization's broader cybersecurity, application development, and infrastructure teams, ensuring alignment and understanding across departments.

Key Responsibilities:

• Oversee Security Development Function: Lead and manage the Security Developer Consultants responsible for analyzing and remediating security risks identified through tools like Wiz.io, ensuring timely and efficient resolution.

• Security Framework Development: Design and implement comprehensive security frameworks to define, categorize, and prioritize security risks and vulnerabilities across applications and infrastructure.

• Process Optimization for Risk Response: Develop and implement streamlined processes that allow for efficient responses when security risks are identified. These processes should ensure clarity and enable teams to act quickly and effectively.

• Strategic Risk Management: Continuously assess and evaluate security risks to prioritize remediation efforts, balancing security needs with business priorities.

• Cross-Departmental Liaison: Act as the primary point of contact between the security team, infrastructure, and other key stakeholders, facilitating clear communication and ensuring alignment on remediation strategies. Present risk assessments and guide adjacent teams towards effective resolution strategies.

• Assess and Advise on App Reconfigurations: Evaluate whether identified security issues require application reconfigurations or if alternative measures can resolve them. Provide strategic input on the best course of action based on technical analysis and risk level.

• Establish Security Policies & Best Practices: Develop and enforce security policies, standards, and best practices for application and infrastructure security. Ensure compliance with industry regulations and internal security objectives.

• Incident Response Leadership: In the event of a security incident, guide teams through the risk remediation process, ensuring appropriate and timely actions are taken to resolve the issue while minimizing impact.

• Stakeholder Communication: Communicate complex security issues and risks to executive leadership and non-technical stakeholders in a clear and actionable manner, securing buy-in for key initiatives.

• Mentorship and Leadership: Provide leadership and mentorship to the security team, ensuring their growth and development while fostering a collaborative and proactive security culture across the organization.

Qualifications:

• Extensive Cybersecurity Experience: 10+ years in cybersecurity roles, with a focus on security architecture, risk management, and incident response in complex enterprise environments.

• Team Leadership: Proven experience leading technical security teams, specifically in development-focused roles and application security, with a strong ability to manage and mentor team members.

• Security Frameworks: Expertise in building and implementing security frameworks such as NIST, CIS, or similar, including the ability to adapt frameworks to unique organizational needs.

• Application Security & Development: Deep understanding of secure coding practices, application security, and how vulnerabilities arise within development pipelines.

• Cloud & Infrastructure Security: Advanced knowledge of cloud platforms (AWS, Azure, GCP), container security, and infrastructure security.

• Communication & Collaboration: Strong skills in bridging gaps between security, development, and infrastructure teams, with the ability to communicate technical risks to non-technical stakeholders.

• Security Certifications (Preferred): CISSP, CISM, CEH, AWS Certified Security, or other relevant certifications.

Skills:

• Strong technical expertise in application security and cloud infrastructure.

• Excellent ability to prioritize risks and guide teams through the remediation process.

• Proven track record of building security frameworks and optimizing processes.

• Exceptional problem-solving skills and a proactive approach to identifying risks before they become critical issues.

• Ability to navigate complex organizational structures and influence key stakeholders.

Education:

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent experience).