OSI Systems, together with its subsidiaries, is a vertically integrated provider of specialized electronic systems and components that meet critical needs in the homeland security, healthcare, defense, and aerospace industries. As a global company, we are dedicated to developing solutions for our customers and the people they serve to lead the way to a safer and healthier world.
OSI Systems is seeking a Security Architect to perform analysis of the internal, external and 3rd party infrastructure & applications, including cloud services, to evaluate, assess and report on security fitness and policy conformance.
Security Architecture: Technology and Thought Leadership
* Development, definition, and communication of security baselines for all flavors of IT infrastructure, and development of application and infrastructure security standards, including cloud services (IaaS/PaaS/SaaS, etc.)
* Definition of security related processes and procedures for the security department including data classification and business impact assessment criteria.
* Execution of security assessments of requested or planned implementations against corporate security policies and standards
* Identification and classification of risks related to new implementations or existing infrastructure and application solutions and provision of guidance for remediation
* Participation in business and IT initiatives as an information security architecture expert. Provision of guidance to others on proper security practices
* Proactive identification of potential security risks in all aspects of the business including IT technical implementations (applications or equipment) or business process
* Maintaining knowledge and remaining well-informed and ahead of the latest security technologies, methodologies, and events.
* Identification and management of external resources such as vendors, products, or services that may assist in meeting security objectives or promote lower security costs.
* Evaluation and provision of recommendations on security related technology acquisitions, e.g. software applications, software tools, hardware, appliances, services, etc.
* Monitoring and management of product updates and known vulnerabilities as they relate to systems, and oversight of their implementation
* Execution of security vulnerability assessments, penetration testing, security forensics and incident management where required
* Assistance in making key decisions on security initiatives and acting as quality gatekeeper for security signoff
Supporting the Business
* Participation in business initiatives as a security professional providing consultative support & guidance to others on proper security practices as well as principles.
* Performance of security assessments to identify potential security risks in all aspects of the business including technical implementations (applications or equipment) as well as IT or business processes.
* Development and delivery of end user security awareness training, effective reporting, as well as performance metrics.
* Definition of business and IT process improvements and associated resource requirements.
* Training and mentoring of team members as well as non-team members in the global IT environment.
Risk Management and Reporting
* Development and execution of security metric reporting to ensure business and senior leadership have a proper view of current security state and risks, globally
* Identification of potential security risks in all aspects of the business including technical implementations (applications or equipment) and IT or business process
* Understanding and helping the organization meet regulatory compliance and conformance
* Participation in internal and third party audits of the company's IT security policies, procedures, as well as operational duties while leading any remediation efforts that may be identified as a result of an audit.
* Uphold the company's core values of Integrity, Innovation, Accountability, and Teamwork
* Demonstrate behavior consistent with the company's Code of Ethics and Conduct
* It is the responsibility of every employee to report to their manager or a member of senior management any quality problems or defects in order for corrective action to be implemented and to avoid recurrence of the problem
* Duties may be modified or assigned at any time to meet the needs of the business.
* Bachelor's degree in Computer Science, Engineering, or other technical field, or equivalent experience.
* 10 years minimum experience in Information Security, with 5+ years leading broad information security architecture initiatives and 2+ years in a lead Security Architecture role.
* CISSP certification required. CISSP-ISSAP, CISM desired.
* The role requires a combination of "expert-level specialized technical" and "analytical professional" IT security skills with the ability to maintain security and confidentiality when dealing with highly sensitive information.
* Strong working knowledge of application security best practices and tools including vulnerability and application scanning, OWASP methodologies and testing criteria
* Deep technical knowledge in information technologies; should be the "expert" in operating systems, networking, database and international business environments
* Strong knowledge of Security, Firewalls, Server administration, databases, VMware, Citrix and legacy Windows operating systems
* Strong knowledge of the intricacies of networking, cloud based solutions and Internet based protocols
* Strong experience in integrating security process into system development lifecycle and project management
* Strong written and oral communication skills, with capability to use Microsoft Office solutions and ability to formulate detailed technical documentation and remediation requirements
* Familiarity with emerging threats and mediation of these risks.
* Deep understanding of security risks and threats as they relate to the company's operating environments
* Deep understanding of compliance to security policies and procedures, especially implementation of NIST security standards (800-53, 800-171), ISO 27001 and HIPAA/HITECH requirements.
* Understanding of ITIL and its practical application
* Ability to formulate detailed technical documentation and remediation requirements
* Demonstrated competency in strategic thinking and leadership with strong abilities in relationship management
* Ability to collaborate with team members in a cross-functional and matrixed IT organization
Equal Opportunity Employer
EEO is the Law
Poster Link: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf
OSI Systems, Inc. has three operating divisions: (a) Security, providing security and inspection systems, turnkey security screening solutions and related services; (b) Healthcare, providing patient monitoring, diagnostic cardiology and anesthesia systems; and (c) Optoelectronics and Manufacturing, providing specialized electronic components and electronic manufacturing services for original equipment manufacturers with applications in the defense, aerospace, medical and industrial markets, among others.
About OSI Systems
OSI Systems is a company which provides electronic systems and components for businesses in the homeland security, healthcare, defense, and aerospace markets.