Sr. Level Information Security Architect-NIST, ISO 27001 and DFAR

4 Days in Office-Friday Remote
Woodlands
Parking Included Free
Long Term Contract

Information Security Architect Governance, Risk & Compliance (ISO 27001 / NIST, DFAR)
Position Summary
We are seeking an experienced Information Security Architect to lead the design, implementation, and ongoing management of enterprise security governance frameworks and control environments. This role will be responsible for establishing and operationalizing industry-standard security frameworks including ISO/IEC 27001, ISO 27002, and NIST Cybersecurity Framework (CSF), ensuring alignment with regulatory requirements, risk management practices, and enterprise technology strategies.
The ideal candidate brings a strong blend of security architecture, policy development, risk assessment, and audit readiness experience, and is comfortable working cross-functionally with infrastructure, cloud, application, and compliance teams to embed security-by-design principles across the organization.
Key Responsibilities

• Lead the design, implementation, and continuous improvement of information security frameworks aligned to ISO 27001/27002 and NIST CSF
• Develop and maintain enterprise security policies, standards, procedures, and control documentation
• Translate framework requirements into actionable technical and operational controls across cloud, infrastructure, and application environments
• Conduct security risk assessments, gap analyses, and maturity assessments to identify remediation priorities
• Design and manage control libraries, control mapping, and evidence collection processes for audits and certifications
• Support ISO 27001 certification efforts, internal audits, and external regulatory assessments
• Partner with IT, cloud, DevOps, and business teams to integrate security requirements into system architecture and project lifecycles
• Establish metrics, KPIs, and dashboards to measure control effectiveness and security posture
• Lead third-party/vendor risk assessments and security reviews
• Provide guidance on security best practices for AWS/Azure environments, data protection, identity management, and incident response
• Support incident response planning, business continuity, and disaster recovery alignment with security controls
• Educate stakeholders on governance, risk, and compliance requirements and promote a culture of security awareness

Required Qualifications

• 7 10+ years of experience in Information Security, Cybersecurity, or IT Risk & Compliance
• Hands-on experience implementing ISO 27001/27002 controls and leading certification or audit readiness programs
• Strong knowledge of NIST Cybersecurity Framework and control mapping methodologies
• Experience designing enterprise security architectures and control frameworks
• Experience conducting risk assessments and developing remediation plans
• Working knowledge of cloud security principles (AWS and/or Azure)
• Strong documentation, policy writing, and stakeholder communication skills
• Ability to work with both technical and executive audiences

Preferred Qualifications

• Experience in regulated industries such as Energy, Utilities, Oil & Gas, or Manufacturing
• Familiarity with SOC 2, CIS Controls, or other compliance frameworks
• Experience with GRC tools (ServiceNow GRC, Archer, OneTrust, etc.)
• Security certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer or Lead Auditor
• Experience supporting cloud migrations or digital transformation initiatives