Cybersecurity: Information Security Architect


CFGI is a unique and highly specialized financial consulting firm that is strategically positioned to assist the office of the CFO through a range of routine and complex business scenarios. As an extension of your corporate finance team, CFGI works alongside your internal staff, serving in a variety of roles (technical accounting advisor, M&A support, tax services, etc.) and delivering seamless support services.


Technical & Domain Experience:

        Six plus years of experience in an IT systems, network, or application architecture or engineering role with a focus on secure enterprise design.

        Three plus years of experience providing advisory services to clients: gathering requirements and design specifications, and creating solutions that are aligned with IT security strategy.

        Thorough experience with common information security controls frameworks (e.g., ISO, NIST, CIS, or CSA).

        Experience applying industry frameworks/best practice standards to identify security design gaps in existing and proposed architectures and propose changes and/or enhancements.

        Extensive knowledge and experience in securing systems and applications, leveraging well-known information security frameworks and standards (e.g., NIST, CSA, CIS, OWASP, ISO 27000 series, SOC 2, etc.) as they align to well-known architecture frameworks (e.g., TOGAF, BOST, SABSA, etc.).

        Understanding of core data privacy and protection standards (e.g., PCI DSS, HIPAA/HITECH, CCPA, etc.).

        Experience delivering security architecture solutions on cloud environments (e.g., Microsoft Azure, Amazon AWS).

        Experience implementing systems or applications based on security hardening benchmark guides (e.g., CIS benchmarks or AWS best practices).

        Experience in writing enterprise-level architecture documentation and analysis.

        Experience in Network Security, Cloud Security, Application Security, Endpoint, Firewall/IPS, Web and Email security.


Process & Project Management Experience:

        Experience managing stakeholders, setting expectations, understanding and communicating the problem, driving consensus, and delivering agreed outcomes.

        Ability to identify risks associated with business processes, operations, information security programs and technology projects.

        Mentor client IT teams as needed for new deployment features, functionality, or best practices.

        Ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background.

        Strong problem-solving and troubleshooting skills.


Soft Skills:

        Ability to prioritize and multitask. Flexibility and adaptability in work approach. 

        Experience managing a team of consultants.

        Self-motivated, with a high sense of urgency and personal integrity.

        Calmness and clarity of thought under pressure and ability to maintain confidentiality.

        Strong written and verbal communication skills. 

        Demonstrated leader with team-oriented interpersonal skills.

        Train other staff and external clients, as necessary. 


Qualifications / Certifications:

        Bachelor’s or master’s degree in Computer Science, Information Systems, Cybersecurity, or a related field; a minimum of six years of related work experience is preferable.

        Desired certifications: CISSP, CCSP, CISA, CRISC, GIAC, cloud certifications from AWS/Azure/Google Cloud.