BUILD YOUR FUTURE, WHILE PROTECTING THEIRS.
You will be challenged. Rewarded. And valued for your unique experience, background and perspective.
Join a team where hard work pays off and original thinking is celebrated. As you build your future at Westfield, you will quickly learn that protecting our customers future is at the heart of what we do. We deliver on our promise to help restore lives and rebuild businesses when the unexpected happens. Building relationships has been a part of our culture since 1848.
Be a part of a team that recognizes and appreciates those who take initiative, seek opportunity and strive for innovation in a changing world.
Information Security Architecture Job Summary
Salary Range: $116,802.00-$134,323.00-$151,843.00
The Information Security Architecture is responsible for information security systems architecture and/or data engineering. The Analyst will focus on one of two areas in information security:
* Information System Architecture - managing and participating in the solution identification, evaluation, selection, and implementation of security-related tools and services for IT projects and other initiatives.
* Data Security Engineering - the administration of the Guardium data security platform, its configuration, policies, and reporting.
The Analyst collaborates with IT business partners to ensure the successful planning, implementation, and maintenance of information security projects along with policies and procedures.
Essential Functions (primary functions and/or reasons the job exists in order of importance)
1. Responsible for information security systems architecture and/or data engineering.
As assigned, responsible for managing and participating in the solution identification, evaluation, selection, and implementation of security-related tools and services for IT projects and other initiatives. Assists in the selection and integration of products and solutions that align with operational and architectural requirements. Analyzes commercial information security products and services and recommends solutions
As assigned, responsible for the administration of the Guardium data security platform, its configuration, policies, and reporting. Operates the database security platform and related technical security controls including: research, recommendations and implementation.
As assigned, responsible for the security event management process including monitoring, logging, alerting, auditing and reporting on threats, vulnerabilities and breaches as generated by the Guardium security platform, and other tools. This includes determination of the appropriate thresholds to monitor the environment for anomalous behavior.
2. Guides and coaches project team members in the identification, development, and completion of deliverables consistent with information security policy and standards. Responsible for ensuring that information security standards are followed on projects, documentation is completed, and assignments are completed accurately and on time.
3. Makes recommendations and assists in implementing changes to work processes and procedures to strengthen and improve company security measures. Provides security consulting and project management services on highly complex information security projects and issues.
4. Facilitates meetings with cross-functional teams to establish the creation of current and future state information security models; analyzes impacts to current architectures, processes, and procedures; creates recommendations and proposals. Works with developers and IT Engineers during new product design to ensure database security best practices are implemented.
5. Identifies and evaluates potential threats and vulnerabilities (either detected internally or publicly announced) that could impact the companys applications or infrastructure and recommends mitigating controls to reduce the companies risk.
6. Remains current on database security threats, emerging information security technology, and industry best practices and trends. Disseminates information security information throughout the company as needed to protect against security threats.
7. Creates database security reports for individual and collective platforms and performs database vulnerability and penetration assessments, as assigned.
8. Participates in architectural governance activities and processes, as needed.
9. Provides information security requirements for new and existing contracts.
10. Works with the Database Administrator (DBA), System Administrator and User Administration staff in developing proper database access control methods and minimum security baselines. Works with business owners to classify database assets.
11. Provides subject-matter expertise and support to project teams as needed.
12. Participates fully in change management across IT and IT infrastructure. Coordinates changes with other areas of the IT department as appropriate.
13. May be assigned to participate on the Security Incident Response Team (SIRT) responding to incidents that may occur.
14. Participates in disaster recovery tests including verifying scripts and performing mock disaster recoveries, as needed.
15. Maintains working knowledge and understanding of information security, risk management, and regulatory compliance topics. Participates in professional industry groups, creates a network of key contacts, and researches topics to stay abreast of information security industry changes.
16. Travels occasionally in order to participate in special assignments, training, and/or travel between office locations.
Desired Qualifications/Experience/Certification/Education (in order of importance)
1. 6 or more years of IT security architecture, engineer, and/or database administration experience.
2. Information security experience including experience and knowledge in one or more of the following areas:
a. Current information security techniques and technologies.
b. Relational Database Management Systems (RDBMS) software, technology, administration, and utility tools.
c. IT security architecture principles and best practices.
d. Data security governance and monitoring, data location and classification, and data access.
3. Experience with methods used in performing risk analyses and assessments.
4. Highly proficient computer and systems skills, with skills in scripting and basic programming gained through previous work experiences.
5. Experience maintaining and updating documentation necessary for supporting security environments.
6. Strong oral, written, and interpersonal communication skills resulting in the ability to interface with managers and staff at all levels within the organization.
7. Experience evaluating performance and scheduling, planning, and organizing staff in problem-solving activities.
8. Experience training, designing process solutions, and directly interacting with customers.
9. Excellent project management, organizational, and prioritization skills with the ability to manage multiple activities/demands simultaneously and to recognize and address workload issues as needed.
10. Working towards obtaining or have already obtained the following: Certified Information Systems Security Professional (CISSP) or other recognized security designation(s).
11. Bachelors degree or commensurate experience.
12. Valid drivers license and a driving record that conforms to company standards.
Physical Requirements (specific to the role)
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
* Ability to work effectively in an office environment for 40+ hours per week (including sitting, standing, and working on a computer for extended periods of time).
* Ability to communicate effectively in a collaborative work environment utilizing various technologies such as: telephone, computer, web, voice, teleconferencing, e-mail, etc.
* Ability to travel as required.
This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.
Westfield offers a Total Rewards program that focuses on compensation, benefits and wellness, and includes perks like 401(k), pension plan, annual incentive, education reimbursement, flex-time, onsite fitness center and casual dress. Work-life balance, recognition, and learning and career development are all part of a rewarding career with Westfield.
To learn more about Westfield and the opportunities available, please visit us at westfieldinsurance.com.
We are an equal opportunity employer/minority/female/disability/protected veteran.