Information Security Application Architect, Location: Chicago, IL FT or Long Term
Job Description:
Responsibilities:
- 8+ years’ work experience in information security and/or related functions (such as IT Audit, Risk Management or Security Architecture)
- Understanding how to implement the appropriate level of application security practices based on the risk profile of the application and data. Controls include, but are not limited to: encryption, authentication, multifactor authentication, session management, input validation, logging, and auditing
- Deep understanding of the DevSecOps lifecycle, ensuring that appropriate security is built in with defined guardrails
- Demonstrable knowledge of a broad range of Information Security technologies and practices
- Expert knowledge of and experience in developing and documenting application security architecture and plans (e.g. development and deployment roadmaps) and using process modeling tools and techniques
- SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation
- Excellent understanding of current Information Security & Architecture trends and their impact on business strategies including key Information Security vendors and solutions, audit organizations and influential market research firms
- Experience with scripting languages
- Experience with creating standards, reference architectures, policies, procedures, and implementation guidelines
- High degree of understanding of Cryptographic Services and Public Key Infrastructure
- Experience with Amazon Web Services, Microsoft Azure, and other internal and external cloud providers
- Advanced knowledge of application security development techniques and processes including specification, documentation, and quality assurance
- Excellent communications and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion
- Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members
- Ability to formulate application security architecture vision and translate vision into execution
- Thorough understanding of Information Security frameworks and practices (e.g. ISO, NIST), architecture standards (e.g. TOGAF and SABSA) and proven ability to strike a balance between academic and pragmatic approaches