Security Review Architect

at  Gallagher

Introduction:
Welcome to Gallagher – a global leader in insurance, risk management, and consulting services. With a growing team of more than 45,000 professionals worldwide, we empower businesses, communities, and individuals to thrive. At Gallagher, you can build a career whether it’s with our brokerage division, our benefits and HR consulting division, or our corporate team. Experience The Gallagher Way, a culture fueled by shared values and a collective passion for excellence. Join one of our dynamic teams, where you’ll play a pivotal role in shaping Gallagher’s future and unlocking unparalleled opportunities for both clients and yourself.
We believe that every candidate brings something special to the table, including you! So, even if you feel that you’re close but not an exact match, we encourage you to apply.
Overview:
Security Review Architect will serve as a key technical resource in Global Cyber and Information Security (GCIS) organization. This role will be responsible for reviewing and managing internal requests for security architecture reviews/security risk assessments. The reviews and risk assessments should align to, or provide alternatives for, our current state frameworks, design patterns, standards, reference architectures, best practices and requested technical specifications. This role will make determinations on request priorities based on a standard set of criteria. The role will need to work closely with other Information Security colleagues, IT & Infrastructure organizations and Business teams globally to provide the security architecture reviews and risk assessments. Requests and all related security architecture response documents should be organized and managed in directed locations. This role will communicate the completed reviews with requestors in order to recommend and influence cyber security objectives.

Please note additional position details below:

• This is a Temp-To-Hire, W-2 position. We are not able to do 1099 or C2C.
• It is a fully remote role that will need to be based in the U.S. and Canada

How you’ll make an impact:

Key Responsibilities:

• Work with the Cyber Architecture Manager to further develop and refine the security architecture review process.
• Document and create any processes, frameworks, templates or communications to mature the security architecture review process.
• Keep the intake and review process organized and requestors informed of status. Develop/refine/request automated tooling necessary to best accommodate the process.
• Align with internal teams such as Enterprise Architecture, 3rd Party Risk Management, Mergers & Acquisitions, Cloud Architecture and Engineering, Network, Infrastructure and Security Engineering on the request process to streamline and provide consistency and smooth transitions.
• Refer to and make recommendations to further define and mature Information Security architectural standards, artifacts, design patterns and technical specification documents utilizing feedback from existing reviews.
• Determine if/when/how requests should include security engineers and onboard and collaborate using existing processes.
• Delineate and define reviews/review process for alternative geo locations (non-US) as needed and collaborate with global partners to provide consistency in responses.
• Collaborate with risk and compliance/policy teams to align, create or improve upon risk frameworks, standards or policies in relation to the security reviews.
• Provide feedback to recommend improvements to the global security architecture in order to improve security posture, mitigate risks and balance costs.
• Proactively identify technical and architectural risks as part of the review process creating review documents that comment on, and provide alternatives for, solutions that align to standards.
• Participate at the request of architectural leadership on assigned forums, collaborate, and provide appropriate thought leadership and expertise in cyber security architecture.

About you:

Required:

• Bachelor’s degree or equivalent work experience in Computer Science or related field
• Minimum 2+ years of cybersecurity and/or risk mitigation experience
• Minimum 2+ years of experience in a reviewer or documenter role for detailed technology solutions and environments
• Exposure to, or experience with, creating or evaluating solution architectures, code, models and vendor documents with ability to understand and articulate patterns and cyber security risks to business and technical teams
• Exposure to or experienced with insurance and risk management domains
• Experienced and developed collaboration, elicitation and documentation skills
• Proven success communicating and recommending cyber security architecture best practices and standards for custom and/or SaaS security solutions and services.
• Highly organized with attention to detail, responsiveness and pro-active in keeping inventories updated
• Knowledge and experience in enterprise architecture frameworks such as TOGAF
• Knowledge and experience with security standards frameworks (NIST - CSF, ISO 27001, CSA CCM, PCI-DSS, GDPR)

Preferred:

• At least one certification related to information security such as; CISSP, CCSP, TOGAF Security
• Strong knowledge of cloud (IaaS, PaaS and SaaS) offerings
• Experience working with security tools and concepts such as firewalls, end point protection, MFA and data protection
• Demonstrated working experience in a regulated and globally distributed environment

Key Characteristics:

• Strong communications skills - oral and written
• Self-starter with strong work ethic
• Flexible and resilient, handle various demands planned and unplanned
• Proven ability to handle multiple tasks and projects simultaneously
• Problem solver and desire to close issues, pragmatic and realistic with solutions
• Resilient and collaborative, motivated to pro-actively influence partners to successful security safe resolutions

Compensation and benefits:
On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits.

Below are the minimum core benefits you’ll get, depending on your job level these benefits may improve:

• Flexible medical & dental coverage to meet your household’s needs
• Life, Dependent Life and AD & D Insurance options
• Retirement savings including RRSP including a company match, TFSA, pension and more
• Employee Stock Purchase Plan

• Work with the Cyber Architecture Manager to further develop and refine the security architecture review process.
• Document and create any processes, frameworks, templates or communications to mature the security architecture review process.
• Keep the intake and review process organized and requestors informed of status. Develop/refine/request automated tooling necessary to best accommodate the process.
• Align with internal teams such as Enterprise Architecture, 3rd Party Risk Management, Mergers & Acquisitions, Cloud Architecture and Engineering, Network, Infrastructure and Security Engineering on the request process to streamline and provide consistency and smooth transitions.
• Refer to and make recommendations to further define and mature Information Security architectural standards, artifacts, design patterns and technical specification documents utilizing feedback from existing reviews.
• Determine if/when/how requests should include security engineers and onboard and collaborate using existing processes.
• Delineate and define reviews/review process for alternative geo locations (non-US) as needed and collaborate with global partners to provide consistency in responses.
• Collaborate with risk and compliance/policy teams to align, create or improve upon risk frameworks, standards or policies in relation to the security reviews.
• Provide feedback to recommend improvements to the global security architecture in order to improve security posture, mitigate risks and balance costs.
• Proactively identify technical and architectural risks as part of the review process creating review documents that comment on, and provide alternatives for, solutions that align to standards.
• Participate at the request of architectural leadership on assigned forums, collaborate, and provide appropriate thought leadership and expertise in cyber security architecture