Meet our professionals
CGI: An employer of choice
CGI is looking for a Senior Security Architect to join the team in Hartford, CT.
The information security architect will take a lead role in defining and assessing Client security policy, strategy, architecture, and practices to support Client business objectives and risk management strategies. He or she will work with other architects to ensure that information security is fully integrated into Client enterprise technology architecture, and will help IT project teams to plan and architect their solutions consistent with the enterprise Security architecture. The information security architect will advocate for security requirements and objectives while ensuring that security architectures and practices do not impede the needs of the business.
Your future duties and responsibilities
• Develop and maintain a security architecture that enables Webster to develop and implement security solutions and capabilities that support business goals and mitigate information security risk.
• Experience in leading the creation and adoption of enterprise software security standards and controls
Partner, guide and inspire development teams to address security concerns
• Holds self and others to a high standard and takes initiative to define and drive winning solutions Financial Services background; knowledge of trading platform process and technologies
• Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) for reference and use by IT project teams.
• Track developments and changes in the business and information security environments and update the enterprise security architecture accordingly.
• As a member of the Architecture Review Board, validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks.
• Work with Security Operations staff to develop security strategy, plans, and roadmaps to implement the security architecture. Help Security Operations to review and select security technologies, tools and services to implement the roadmaps. Provide high-level requirements and direction for information security projects.
• Provide input to security policies and standards.
• Work closely with the Project Management Office to ensure that Corporate Information Security is fully aware of the IT project pipeline and that new projects receive all necessary information security risk assessment, requirements, planning advice, and engineering assistance.
• Advise application and infrastructure project teams on information security planning, policy, and architecture and provide high-level security requirements to projects. As a member of the Architecture Review Board (ARB), verify that planned projects conform to IT and security architectures and policies. Hand off to Security Engineering staff to provide detailed security technical requirements help IT projects design and implement security solutions in accordance with ARB guidance.
• As a member of the Change Management Board, verify that proposed system and infrastructure changes conform to information security policy and standards. Hand off to Security Engineering staff to help IT teams remediate deficiencies, if necessary.
• Work with IT teams and the ARB to document storage and transmission of sensitive information and provide architecture and requirements to ensure that this data is secured in accordance with Webster policy, laws, and regulations.
• Work with the Resiliency team to ensure that disaster recovery and business continuity plans include security considerations.
• Help the risk assessment team to evaluate the design and effectiveness of security controls.
• Provide oversight and assess the effectiveness of Client secure software development program.
Required qualifications to be successful in this role
• The successful candidate will demonstrate strong critical thinking and problem-solving skills and will be able to act ethically and confidentially, work as part of a team, communicate clearly and concisely both verbally and in writing, adapt to rapidly changing priorities, and work on multiple projects simultaneously.
• Teamwork and Communication: The security architect must be a consummate team player who readily shares information, facilitates dialogue, and brokers compromises among security, IT, and business stakeholders. He or she must be able to translate security-related matters into business terms that are readily understood by colleagues and must effectively present findings verbally and in writing.
• Business and Organizational Acumen: The security architect is keenly aware of the dynamics of Client business and how IT and information security can support the business. He or she will develop approaches and solutions that serve organizational strategies and goals
• Conceptual Thinking: The security architect's role is primarily strategic and conceptual, not operational. He or she must recognize abstract patterns and relationships among apparently unrelated entities and situations. He or she will apply appropriate concepts and theories in the development of principles, practices, techniques, tools and solutions.
• Openness to Learning: The security architect takes personal responsibility for personal growth and changes his or her own ideas. He or she learns from others, inside and outside the organization, tries new approaches, and broadens the scope of work to learn from work assignments.
Application engineering strategy and architecture design
Extensive knowledge of Java-based application architectures and frameworks (such as Spring) and technologies spanning web, API , micro-services, SPAs and mobile.
Expert knowledge in application vulnerability types, attack vectors and remediation approaches
Industry best practices for secure software development as well as web and mobile application security
Working knowledge of authentication, authorization, access control technologies and protocols
Knowledge of with SaaS/PaaS/IaaS security models, access management, and data protection technology
Expert understanding of the IP protocols and associated security mechanisms: TCP/IP, HTTP, SSL/TLS, PKI
Familiarity with well-known application security sources and standards such as OWASP, WASC and NIST
Must have Fortify product experience.
What you can expect from us
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.
CGI is an equal opportunity employer.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at US_Employment_Compliance@cgi.com. You will need to reference the requisition number of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a requisition number will not be returned.
We make it easy to translate military experience and skills! Click here to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.