Application Security Architect

Description

Job Details Develop and implement the application security program inline with industry best practices and compliance
Serves as highest level technical architecture expert for software development / infrastructure teams at the program level
Determine and develop architectural approaches and solutions, conduct business reviews, document current systems, and develop recommendations of how to proceed with the applications
Has extensive experience delivering IT solutions; developing designs and architecture documents that the rest of the SDLC teams can follow
Develops and drives short & long term architecture strategy for the overall IT project portfolio for key business segments
Uses a broad and deep understanding of technical concepts in multiple specialized fields to develop solutions to problems and critical design issues
Provide guidance on and oversee secure application coding practices conducted by other technical teams
Leads and facilitates sync meetings between product innovation teams, infrastructure, and architecture to build security in their processes and projects
Advises and influences business leaders, at different levels, regarding corporate security strategy, initiatives, services, and requirements
Facilitates and drives to completion of cross functional activities to meet security tactical and strategic objectives
Ensure application security program alignments with industry frameworks such as the NIST Cyber Security Framework, ISO27001, FFIEC Cyber Security Framework, PCI, and others
Drive enforcement of the enterprise information security strategy and drive short and long term efforts to achieve an approach that is consistent with the risk appetite
Establish and report on relevant metrics and KPIs to communicate status, demonstrate progress and build awareness of information security program performance
Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
Provide detailed direction and designs for ensuring security controls operating across the enterprise (end to end) are properly deployed and producing data to support the information security function
Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders Additional Details Maintains a high energy level and demonstrates a desire to succeed
Demonstrates a strong work ethic, able to multi task and ability to work well under pressure
Able to plan and organize work to achieve targeted goals with minimal supervision; is resultsoriented and accountable for own actions
Performs rigorous, structured and factbased problem analysis; able to quickly assess an issue and apply creative resolutions
Leveraging creative solutions when problemsolving, collaborating effectively as a team, yet functioning well with independent responsibilities, especially multitasking and extreme attention to detail
Excellent verbal and written communication skills including the ability to author and present materials ranging from detailed technical specifications to highlevel presentations
Solid problem solving and analytical skills; able to quickly digest any issue/problem encountered and recommend an appropriate solution
Pragmatic understanding of security problems as a mix of technology and process issues with the ability to pursue solutions at both layers within the organization
Performs rigorous, structured and factbased problem analysis; able to quickly assess an issue and apply creative resolutions
Build strong crossorganizational relationships and effectively influence staff across the IT organization and broader enterprise
BS/MS degree in Computer science or related fields
10 years+ of experience in IT/IS
Adaptive schedules and work assignments, including willingness to travel domestically and globally, when required, and extended work hours
Good understanding of application security principles
Experience in application or data security and vulnerability management
Experience in static and dynamic scans and security monitoring tools
Programing background and working experience in SDLC and software development tools such as Eclipse, Maven, Jenkins or similar
Analytical and problem solving skills
An IT Security certification, similar to CISA or PCI regulatory implementation experience is a plus
Big data management experience is a plus