Whether you're an investment professional, an expert in sales or a technology specialist, you'll find a culture at MFS that supports you in ...
Whether you're an investment professional, an expert in sales or a technology specialist, you'll find a culture at MFS that supports you in doing what you do best. Our employees work together to reach better outcomes, always favoring the strongest idea over the strongest individual. We put people first and show care and compassion for our community and each other. Because what we do matters - to us as valued professionals and to the millions of people and institutions who rely on us to help them build more secure and prosperous futures.
Job Description Basic Purpose
The Security Architect is a subject matter expert in Information Security and is responsible for the design, implementation, and effective and efficient maintenance of related technologies. Additionally, this individual has broad and expert knowledge of Information Technology at large, with a firm understanding of related disciplines and how they interoperate. The Security Architect is responsible for leading design, implementation, and troubleshooting efforts and is directly accountable for the results. The Security Architect's deep and broad knowledge enables a holistic understanding of the technology environment.
- Serves as key subject matter expert in the field of Information Security, maintaining a deep understanding of the field and its related technologies.
- Proactively develops and maintains strong knowledge of MFS information systems and their related components, and makes recommendations to improve the reliability, scalability, performance, or security of these systems as appropriate. This includes proactive performance tuning and capacity analysis to ensure MFS is maximizing its technology investment.
- Leverages technology to automate manual tasks, and seeks to improve efficiency wherever practicable and appropriate.
- Provides technical support to ensure the ongoing efficient and reliable operations of related MFS information systems. Provides the technical service function for security operations. Responsible for addressing technical level security service requests received by clients. Receives documents, solves, and communicates service resolution according to management's directives and applicable policies, procedures, and standards. Performs work within security service levels and strives to improve service levels and maintain excellent client relationships.
- Assists management in determining Information Security strategy and direction for the company and for selected technologies. Advises IT management on information security issues, systems, processes, products, and services; defines requirements in support of budget plans and makes recommendations for ways to improve performance and reduce costs.
- Develops, enforces and maintains MFS Information Security controls, procedures, and standards.
- Responsible for understanding the internal and external technological tools/software used by the Information Security group to maintain compliance, assess threats and vulnerabilities, support remote and Internet access, and manage encryption. Takes a leadership role in the management of these technological tools by understanding their purpose, application, and overall maintenance and administration.
- Leads security risk assessments to methodically analyze MFS information technology assets and processes, identifying risks from both a technical and business perspective, and recommending mitigation strategies to mitigate those risks to an acceptable level. Works closely with Information Technology and business units to ensure that security controls are properly implemented across the environment, both during design and after deployment. Prepares detailed and well-written documentation.
- Conducts security investigations according to documented procedures and management's directives. Maintains confidentiality in these matters and works to ensure the confidentiality of other information which is encountered during the discharge of security responsibilities.
- Receives broad goals and overall objectives from Management and proactively establishes and implements the methods to attain them.
- Maintain the security of a company's technology environment by planning comprehensive (complex) control design to mitigate threats while balanced with company's risk appetite and provide assurance it works
- Create solutions that balance business requirements with information and cyber security requirements
- Assess, establish and monitor countermeasures that protect, detect and/or deter when an unauthorized attempt occurs
- Serves as mentor to other technical team members, and presents technology briefings to IT and business line management as required.
- Researches and implements industry best practices.
- Bachelor's degree or equivalent experience in a related technical field. Master's degree or equivalent preferred.
- Ten or more (10+) years of related Information Technology with a minimum of six (6+) years of Information Security-specific experience.
- CISSP preferred. Additional possible certifications: CISM, CISA, ISSAP, ISSEP
- Considered subject matter expert in the area.
- Strong knowledge of multiple technologies, platforms, and programming languages.
- Solid understanding of Systems Development Life Cycle models.
- Exceptional communication skills with diverse audiences, including facilitation, negotiation and presentation skills
- Strong critical thinking, analytical skills and attention to detail
- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments, and provide technical guidance to a security team
- Demonstrated ability to identify risks associated with business processes, operations, information security programs and technology projects
- Intimate knowledge of current and trends with security solutions to be able to integrate with controls and safeguards
- Familiar with emerging technology and the effect on designing security controls, such as Blockchain, Artificial Intelligence, Machine Language, Robotics, Mobile, Cloud (public, private and hybrid for Infrastructure as a Service (IAAS, Amazon Web Services (AWS) or Microsoft Azure), Platform as a Service (PAAS), Software as a Service (SAAS)
- Understanding of network protocols and ability to develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
- Understand programming language and technologies to write code, complete programming and performs testing and debugging of applications
- Java/J2EE, C#, API/web services, scripting languages and a relational database management system (RDBMS) such as MS SQL Server or Oracle.
If any applicant is unable to complete an application or respond to a job opening because of a disability, please contact MFS at or email for assistance.
MFS is an Affirmative Action and Equal Opportunity Employer and it is our policy to not discriminate against any employee or applicant for employment because of race, color, religion, sex, national origin, age, marital status, sexual orientation, gender identity, genetic information, disability, veteran status, or any other status protected by federal, state or local laws. Employees and applicants of MFS will not be subject to harassment on the basis of their status. Additionally, retaliation, including intimidation, threats, or coercion, because an employee or applicant has objected to discrimination, engaged or may engage in filing a complaint, assisted in a review, investigation, or hearing or have otherwise sought to obtain their legal rights under any Federal, State, or local EEO law is prohibited. " Click here to view the 'EEO is the Law' poster and supplement ."