Brown & Brown Insurance

Security Architecture Director

Brown & Brown Insurance

full-time

Posted on:

Origin:  • 🇺🇸 United States

Visit company website
AI Apply
Manual Apply

Salary

💰 $200,000 - $225,000 per year

Job Level

Lead

Tech Stack

AWSAzureCloudCyber SecurityDNSFirewallsSQL

About the role

  • Lead the team of security architects to evaluate existing business security strategies, address security risks, and implement control enhancements. Ensure security architecture aligns with business criticality and value. Lead and support information security projects by researching, documenting, and implementing security solutions. Foster relationships with our industry partners to communicate our approach to security and develop programs to establish typical industry security audit reports (SOC 2, etc.). Lead assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development, application security, data protection, cryptography, key management, identity and access management, network security) within SaaS, IaaS, PaaS in cloud environments. Establish technology architecture, align with business criticality and value, evaluate resiliency, application and device rationalization and lifecycles, disaster recovery. Other duties as assigned. Travel requirements are limited and focused on opportunistic engagements with businesses. Position can be staffed as a fully remote team member, with periodic onsite engagements.

Requirements

  • Relevant certifications such as CISSP, CISM, CISA or cloud-specific Microsoft architect-level certification (or willing to obtain one shortly after hiring). Preferred: Microsoft Certified Cybersecurity Architect Expert. Alternatively: Microsoft Certified Solutions Architect Expert. AWS Certified Security Specialty certification. Bachelor's or better in Information Security, Computer Science, or related field. At least 8-10 years of experience in information security, with a minimum of 5 years in cloud security, particularly in Azure and AWS environments. Driven and organized with the ability to direct multiple complex cloud-based projects simultaneously, while managing day to day activities of the teams. Critical thinker, having an ability to identify options, the pros & cons of each from different angles, and to make recommendations based on risks and opportunities. Strong knowledge of security frameworks and standard , including NIST CSF, CIS-18, GDPR, HIPAA, ISO 27001. Exposure to NYDFS, SEC and other regulatory examinations and annual attestations. Solid grounding in basics of infrastructure - VMs, networking, DNS, Firewalls, application design, Cloud Access Security Broker (CASB), Data Loss Prevention (DLP) / Governance, Cloud architectures, server and endpoint security practices. Ability to assist with incident response and forensics associated with cloud compromises. Good understanding of current best practices and approaches to identity and access including Azure AD, OAuth 2.0, SAML 2.0, OpenID Connect. Familiarity with the capabilities of key Azure PaaS workload types, such as App Services, Azure SQL, AKS. Familiarity with approaches to security in the cloud – WAF, OWASP, DDoS protection. Ability to collaborate and assist the CISO with defining and driving security strategic directions.