The Information Architect role is responsible for improving application and systems security and will support efforts to minimize the possibility that coding, design, or configuration security vulnerabilities could work their way into production environments, presenting a potential point-of-compromise. The Security Architect will review project documentation, research, and reference security policy, render recommendations and guidance, approve or reject project artifacts from a security perspective, and perform other tasks in the pursuit of securing systems, processes, and software applications.

PRIMARY DUTIES AND RESPONSIBILITIES

Defining security requirements by evaluating business strategies and requirements; researching information security standards
Providing consulting services and security support to internal business and technology customers
Serving as the lead security liaison on assigned projects.
Providing input and recommendations to the development teams related to architecture, design, coding practices and SDLC elements that could potentially impact the application or solution from a security perspective.
Validating controls for Encryption, Access Control, Web Application Vulnerability Detection, OWASP top 10 and other common web application security parameters.
Reviewing application architecture and design from an application and infrastructure security perspective ensuring alignment with organization security standards and industry best practices.
Assisting with the development of secure coding standards
Ensuring that development is done in accordance with industry standards for secure development
Facilitating Periodic static code analysis utilizing existing standard service offering.
Facilitating dynamic and/or manual security testing utilizing existing standard service offering
Reviewing, developing, testing, and implementing security plans, products, and control techniques
Reviewing and documenting circumstances surrounding security gaps and defining corrective actions
Maintaining awareness of security and technology trends and shares that knowledge with others
Evangelizing security policies, standards, and nonfunctional requirements where/when needed
Daily and Weekly Status Reporting - for Work in Process and Planned and issues
Documenting processes, procedures, assessment outputs, working papers documentation to support existing SDLC and governance requirements
Representing security and IT risks among other company risk departments and committees.
Evaluating the effectiveness of awareness and training programs and makes recommendations for improvement.

EXPERIENCE AND EDUCATIONAL REQUIREMENTS

Bachelor's Degree in Computer Science, Information Systems or other related field, or equivalent work experience
8 or more years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration and over five years of experience designing and deploying security for Business products and services and Enterprise solutions at the enterprise level.
Proficient communication skills
Preferred Certification in one or more Information Security relevant areas Security Professional (CISSP), Cloud Security (CCSP, CCSK, AZ500), Audit (CISA), Security Management (CISM)
Requires in-depth knowledge of security issues, techniques and implications across all existing computer platforms.
Requires advanced level knowledge and understanding of architecture, application design, system engineering and integration.
Experience with evaluating and implementing security controls as related to Cloud based services including SaaS, PaaS, IaaS.
Strong computer skills to operate effectively with company systems and programs; working knowledge of applicable computer applications used at ABC
Working knowledge of network solutions and systems
Good analytical and problem-solving skills
Ability to communicate effectively both orally and in writing
Good interpersonal skills
Ability to prioritize workload and consistently meet deadlines
Strong organizational skills; attention to detail
Ability to lead and provide direction to project/product teams
Strong consultative skills: ability to interface effectively with technical and non-technical leaders.
Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.
Demonstrated sound understanding of at least 3 of the following control frameworks: ISO 27001/27002, HITRUST, PCI, NIST, GDPR and PCI
Business experience in a matrix Organization required

MINIMUM SKILLS, KNOWLEDGE AND ABILITY REQUIREMENTS:

Proficient communication skills and experience in mentoring/leading teams
Ability to translate complicated business requirements into multiple solution options and explain the pros/cons of various approaches
At least 10 years of experience
Ability to influence others that are not direct reports or within the same department
Ability to lead small technical teams for short durations
Ability to work across application and infrastructure areas
Ability to translate technical jargon within IT and to non-IT team members Ability to build presentations and business cases and present to senior executives and non IT associates IT

We offer a competitive total rewards package which includes benefits and compensation. Our commitment to our eligible population of team members includes benefit programs that are comprehensive, affordable, diverse, and designed to meet the needs of our team members and their families. Some of these programs include paid time off including paid parental leave, access to retirement savings vehicles, medical, dental, vision, and life insurance options, an employee stock purchase program, and other financial, health, and well-being focused benefits.

Because we take a balanced, global approach to our benefits, benefit offerings may vary by location, position, and/or business unit. Some benefits are company-paid, while others are available through team member contributions. For details visit https://www.virtualfairhub.com/amerisourcebergen.