GRC Process Architect

This is a fully remote position, open to applicants in Virginia.

📋 Description

• Develop organizational structures, capabilities, and controls to align with NIST CSF, MITRE ATT&CK, and various cybersecurity frameworks to pinpoint strengths, weaknesses, and areas for enhancement.

• Conduct threat modeling exercises to assess proposed or existing designs, uncover attack vectors, and guide teams toward robust architectures.

• Identify security architecture deficiencies at the enterprise level and suggest scalable, actionable remediation plans.

• Design, implement, and enhance repeatable security workflows, architecture standards, and reusable security frameworks.

• Engage early in IT and business solution designs to offer proactive architectural advice and ensure conformity with secure-by-design principles.

• Articulate technical and architectural requirements to key stakeholders by simplifying complex technical ideas into clear, understandable, and actionable information.

• Work collaboratively with Agile, DevOps, and engineering teams to integrate secure development practices and escalate architectural issues when necessary.

• Assess software, platform, and cloud architectures for compliance with contemporary security best practices and propose architectural enhancements.

• Convert business requirements, technical specifications, and regulatory demands into concise and actionable security architecture criteria.

• Serve as a trusted advisor to technology teams, facilitating secure solution development and advocating for the adoption of enterprise security controls.

• Work alongside peer architects and security professionals to exchange best practices, enhance architectural maturity, and maintain consistency across the organization.

• Stay alert to emerging technologies, evolving threats, and industry trends to ensure architectural strategies remain pertinent, proactive, and robust.

• Keep abreast of the current landscape of enterprise IT and security tools, trends, and processes.

• Assess AI-driven systems and integrations for security vulnerabilities, ensuring the ethical use of AI technologies and embedding secure-by-design principles into AI-related architectures.

⛳️ Requirements

• Must be a U.S. Citizen

• Minimum of 5 years of experience in IT or information security engineering or architecture

• Profound knowledge of security principles

• Extensive knowledge of Microsoft cloud services (e.g., Azure Active Directory, Azure IaaS/PaaS, Office 365)

• Solid understanding of secure web application network protocols (HTTP(S), TLS, SFTP, etc.)

• Familiarity with the OWASP Top 10 application security risks and their mitigations

• 5 years of experience in cloud security, application security, and/or network security

🏝️ Benefits

• Competitive compensation ranges based on labor costs

• A diverse array of benefits, including health insurance, retirement plans, paid time off, flexible work options, and professional development opportunities

• Chances for practical experience and certifications