← Back to Jobs
Administrative
ENTERPRISE INFORMATION SECURITY ARCHITECT
Navy Exchange Service CommandVirginia Beach, VA🇺🇸United StatesPosted 17 Jul 2026
Quick Overview
Work Type
Hybrid
Level
Mid Senior
Job Description
Serve as Information Security Architect with responsibility of developing and maintaining the enterprise architecture of NEXCOM s Security and BC DR programs. Includes working with stakeholders both leadership and subject matter experts to build a holistic view of NEXCOM s strategy processes information and information technology assets. Coordinates the NEX business need with DOD security and business continuity requirements to form a full roadmap for the future. Defines the configurations necessary for fail over to remote disaster recovery site.
Responsible for the design, development, implementation, and/or integration of a DoD IA (Information Assurance) architecture, system, or system component for use within the NEXCOM enterprise.
Performs risk analyses for functional areas to identify points of vulnerability, single points of failure and identifies risk avoidance and mitigation strategies.
Advises NEXCOM on the specific data technologies that support or enhance the organization for the long term strategic responsibilities of NEXCOM IT systems.
Designs, develops, reviews and implements system security measures that provide confidentiality, integrity, availability, authentication, and non repudiation.
Designs, develops, reviews and implements security designs for new or existing technology system(s). Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the computing environment.
Provides system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
Ensures security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative.
Ensures that the implementation of security designs properly mitigate identified threats.
Develops and maintain the organization's enterprise architecture; alignment of IT security strategy, incorporating NEXCOM's business goals.
Ensures compliance of artifacts to NEXCOM enterprise Information Assurance and BC/DR standards.
Familiar with regulatory requirements such as DIACAP, PCI, PII, SOX.
Participates in enterprise strategy development, including environmental analysis, opportunity identification, value cases and business innovation portfolio development regarding all areas of IT security and BC/DR functions.
Documents system security design features and provide input to implementation plans and standard operating procedures.
Conducts advanced technical research, including market research of solutions based on vendor supplied documents.
Based on current and future business requirements, define configurations necessary for a disaster recovery site.
Installs, configure, and maintain Governance Risk and Compliance toolset.
Plans for future growth and resource needs by consulting with system administrators and other computing technical professionals, recommending and providing security principle guidance and direction.
Investigates and understands the IT threat potentials and provide insight on specific IA threat concerns to NEX components, and recommends mitigation or prevention best practices.
Ensures/implements the rigorous application of Information Security/Information Assurance policies, principles, and practices in the delivery of Systems, Applications and/or Services (Hardware & Software).
Perform other related duties as assigned.
Information Assurance Workforce Certification IAM2 jobs):
SECNAV M 5239.2, DoN, Information Assurance (IA) Workforce Manual requires incumbents of this position to possess and maintain current, one of the following certifications: GIAC Security Leadership Certification (GSLC), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP).
NEXCOM preferred certification is GIAC Security Leadership Certification (GSLC).
Candidate without the required certification may be placed into this position, but must obtain the required certification within 6 months of appointment; failure to obtain this requirement will result in termination of employment.
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require favorable Single Scope Background investigation (SSBI).
Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain such will result in termination of employment.
GENERAL EXPERIENCE: 3 years experience in administrative, technical or investigative work which demonstrated the ability and aptitudes required to perform technical, managerial or analytical work involving management information
systems.
OR
SUBSTITUTION OF EXPERIENCE FOR EDUCATION: One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in software engineering or business information systems for 3 years of general experience.
AND
SPECIALIZED EXPERIENCE: Five years of experience in at least two of the following:
Technical analysis for infrastructure architecture;
Disaster recovery design methodology;
IT security compliance and reporting;
Technical risk analysis;
Enterprise Architecture
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require favorable Single Scope Background investigation (SSBI).
Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain such will result in termination of employment.
Responsible for the design, development, implementation, and/or integration of a DoD IA (Information Assurance) architecture, system, or system component for use within the NEXCOM enterprise.
Performs risk analyses for functional areas to identify points of vulnerability, single points of failure and identifies risk avoidance and mitigation strategies.
Advises NEXCOM on the specific data technologies that support or enhance the organization for the long term strategic responsibilities of NEXCOM IT systems.
Designs, develops, reviews and implements system security measures that provide confidentiality, integrity, availability, authentication, and non repudiation.
Designs, develops, reviews and implements security designs for new or existing technology system(s). Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the computing environment.
Provides system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
Ensures security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate authorized representative.
Ensures that the implementation of security designs properly mitigate identified threats.
Develops and maintain the organization's enterprise architecture; alignment of IT security strategy, incorporating NEXCOM's business goals.
Ensures compliance of artifacts to NEXCOM enterprise Information Assurance and BC/DR standards.
Familiar with regulatory requirements such as DIACAP, PCI, PII, SOX.
Participates in enterprise strategy development, including environmental analysis, opportunity identification, value cases and business innovation portfolio development regarding all areas of IT security and BC/DR functions.
Documents system security design features and provide input to implementation plans and standard operating procedures.
Conducts advanced technical research, including market research of solutions based on vendor supplied documents.
Based on current and future business requirements, define configurations necessary for a disaster recovery site.
Installs, configure, and maintain Governance Risk and Compliance toolset.
Plans for future growth and resource needs by consulting with system administrators and other computing technical professionals, recommending and providing security principle guidance and direction.
Investigates and understands the IT threat potentials and provide insight on specific IA threat concerns to NEX components, and recommends mitigation or prevention best practices.
Ensures/implements the rigorous application of Information Security/Information Assurance policies, principles, and practices in the delivery of Systems, Applications and/or Services (Hardware & Software).
Perform other related duties as assigned.
Information Assurance Workforce Certification IAM2 jobs):
SECNAV M 5239.2, DoN, Information Assurance (IA) Workforce Manual requires incumbents of this position to possess and maintain current, one of the following certifications: GIAC Security Leadership Certification (GSLC), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP).
NEXCOM preferred certification is GIAC Security Leadership Certification (GSLC).
Candidate without the required certification may be placed into this position, but must obtain the required certification within 6 months of appointment; failure to obtain this requirement will result in termination of employment.
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require favorable Single Scope Background investigation (SSBI).
Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain such will result in termination of employment.
GENERAL EXPERIENCE: 3 years experience in administrative, technical or investigative work which demonstrated the ability and aptitudes required to perform technical, managerial or analytical work involving management information
systems.
OR
SUBSTITUTION OF EXPERIENCE FOR EDUCATION: One year of related academic study above the high school level may be substituted for 9 months of experience up to a maximum of a 4 year bachelor's degree in software engineering or business information systems for 3 years of general experience.
AND
SPECIALIZED EXPERIENCE: Five years of experience in at least two of the following:
Technical analysis for infrastructure architecture;
Disaster recovery design methodology;
IT security compliance and reporting;
Technical risk analysis;
Enterprise Architecture
This position is designated IT 1 (Critical Sensitive) in accordance with SECNAV M 5510.30 and will require favorable Single Scope Background investigation (SSBI).
Candidates must be eligible for and obtain a Top Secret Clearance, within 6 months of appointment. Failure to obtain such will result in termination of employment.
Similar jobs
Senior Vendor Security Risk Management Analyst
FM · Johnston, United States
3 minutes ago$106k - $152k/yrPrincipal Information Security Analyst
FM · Johnston, United States
3 minutes ago$121k - $173k/yrIntermediate Systems Administrator
MANTECH · Chantilly, United States
17 minutes agoJunior Cloud Information System Security Officer
MANTECH · Washington, United States
18 minutes agoSecurity Specialist
Cayuse Holdings, LLC · Arlington, United States
54 minutes ago$80k - $99k/yrEnterprise Security Architect
Citadel Information Services Inc · United States
55 minutes ago€80/hr