Company:
AbbVie
Location: Atlanta
Closing Date: 19/11/2024
Hours: Full Time
Type: Permanent
Job Requirements / Description
Job Description
The Information Security Application Solution Architect is a member of the Information Security team and works closely with other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes, and standards. We are seeking a highly skilled architect to collaborate with application development teams, ensuring secure design, coding, configuration, and deployment of technology solutions. The architect will not only focus on common security mechanisms like encryption and authentication but will also dive into application-level risks, session management, securing configuration files, secrets management, and risk identification in system configurations. This role requires a deep understanding of secure application development practices, including the security of API interactions and cloud application environments.
This position can be virtually from anywhere in the U.S.
Major Duties and Responsibilities:
Work with in-business IT customers, including application architects and engineers to evaluate application software and infrastructure designs, for the purpose of defining/designing application controls aligned with enterprise standards.
Generate detailed application specific security controls design and documentation for each business application under review
Develop re-usable implementation guidance and design patterns based on previous engagements to scale the service
Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure and applications.
Establish collaborative working relations with business application architecture staff to ensure that solutions align with security architecture and business strategy.
Support security aspects of business & IT initiatives by assisting in architecture, design, implementation, deployment, and operational transition of innovative & secure technology solutions.
Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure.
Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies.
Establish collaborative working relations with the Information Technology functions to ensure that solutions align with security architecture and business strategy.
Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned. Complete remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed.
Research and assess new information security threats and recommend remedial actions.
Foster an information security culture through education, skill development, and implementation of effective information security processes and practices.
Understand and adhere to corporate standards regarding applicable Corporate and Divisional Policies, including code of conduct, safety, GxP compliance, data security, and the software development lifecycle
Matures and leverages relationships with affiliates, subsidiaries, vendors, and industry peers in accordance with Abbvie Values, Vendor Management Office, and Purchasing to further the mission, vision and goals of the organization.
Specifically, we’re looking for experience:
Design the security architecture for applications, ensuring all components meet best practices and regulatory compliance.
Work closely with software development, DevOps, and operations teams to integrate security into the software development lifecycle (SDLC).
Lead efforts in identifying potential threats through application threat modeling and propose design changes to mitigate risks.
Understanding the following concepts is a plus; identity management, federated identity services, incident management, access control, , application vulnerability testing, public key infrastructure, Windows, and Unix/Linux, public cloud infrastructure and services
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project.
Significant SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation.
Excellent understanding of current Information Security & Architecture trends and their impact on business strategies including: key Information Security vendors and solutions, audit organizations and influential market research firms.
Excellent communications and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members with diverse backgrounds.
Ability to formulate network security architecture vision and translate vision into execution.
Thorough understanding of Information Security frameworks and good practices (e.g. ISO, NIST), and proven ability to strike a balance between an academic and pragmatic approach.
The Information Security Application Solution Architect is a member of the Information Security team and works closely with other members of the team to develop and implement a comprehensive information security program. This includes defining security policies, processes, and standards. We are seeking a highly skilled architect to collaborate with application development teams, ensuring secure design, coding, configuration, and deployment of technology solutions. The architect will not only focus on common security mechanisms like encryption and authentication but will also dive into application-level risks, session management, securing configuration files, secrets management, and risk identification in system configurations. This role requires a deep understanding of secure application development practices, including the security of API interactions and cloud application environments.
This position can be virtually from anywhere in the U.S.
Major Duties and Responsibilities:
Work with in-business IT customers, including application architects and engineers to evaluate application software and infrastructure designs, for the purpose of defining/designing application controls aligned with enterprise standards.
Generate detailed application specific security controls design and documentation for each business application under review
Develop re-usable implementation guidance and design patterns based on previous engagements to scale the service
Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure and applications.
Establish collaborative working relations with business application architecture staff to ensure that solutions align with security architecture and business strategy.
Support security aspects of business & IT initiatives by assisting in architecture, design, implementation, deployment, and operational transition of innovative & secure technology solutions.
Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure.
Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies.
Establish collaborative working relations with the Information Technology functions to ensure that solutions align with security architecture and business strategy.
Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned. Complete remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed.
Research and assess new information security threats and recommend remedial actions.
Foster an information security culture through education, skill development, and implementation of effective information security processes and practices.
Understand and adhere to corporate standards regarding applicable Corporate and Divisional Policies, including code of conduct, safety, GxP compliance, data security, and the software development lifecycle
Matures and leverages relationships with affiliates, subsidiaries, vendors, and industry peers in accordance with Abbvie Values, Vendor Management Office, and Purchasing to further the mission, vision and goals of the organization.
Specifically, we’re looking for experience:
Design the security architecture for applications, ensuring all components meet best practices and regulatory compliance.
Work closely with software development, DevOps, and operations teams to integrate security into the software development lifecycle (SDLC).
Lead efforts in identifying potential threats through application threat modeling and propose design changes to mitigate risks.
Understanding the following concepts is a plus; identity management, federated identity services, incident management, access control, , application vulnerability testing, public key infrastructure, Windows, and Unix/Linux, public cloud infrastructure and services
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project.
Significant SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation.
Excellent understanding of current Information Security & Architecture trends and their impact on business strategies including: key Information Security vendors and solutions, audit organizations and influential market research firms.
Excellent communications and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members with diverse backgrounds.
Ability to formulate network security architecture vision and translate vision into execution.
Thorough understanding of Information Security frameworks and good practices (e.g. ISO, NIST), and proven ability to strike a balance between an academic and pragmatic approach.
Share this job
Useful Links