Go Back
Information Security Application Architect, Location: Chicago, IL FT or Long Term
Responsibilities:
- 8+ years’ work experience in information security and/or related
functions (such as IT Audit, Risk Management or Security Architecture
- Understanding how to implement the appropriate level of application
security practices based on the risk profile of the application and
data. Some of the controls, but not limited to; encryption,
authentication, multifactor authentication, session management, input
validation, logging, and auditing
- Deep understanding of the DevSecOps lifecycle in regard to ensure the appropriate security is built-in with defined guardrails
- Demonstrable knowledge of a broad range of Information Security technologies and practices
- Expert knowledge of and experience in developing and documenting
application security architecture and plans (e.g. development and
deployment roadmaps) and using process modeling tools and techniques
- SOX and HIPAA experience in dealing with IT general controls (ITGC),
demonstrated through hands-on audit, remediation, and/or computer
system validation
- Excellent understanding of current Information Security &
Architecture trends and their impact on business strategies including
key Information Security vendors and solutions, audit organizations and
influential market research firms
- Experience with scripting languages
- Experience with creating standards, reference architectures, policies, procedures, and implementation guidelines
- High degree of understanding with Cryptographic Services and Public Key Infrastructure
- Experience with Amazon Web Services, Microsoft Azure, and other internal and external cloud providers
- Advanced knowledge of application security development techniques
and processes including specification, documentation, and quality
assurance
- Excellent communications and influencing skills with strong ability
to balance differing stakeholder interests through sound analysis and
persuasion
- Strong people skills, collaborative ability to work with IT
stakeholders inside and outside of the organization, able to mentor team
members
- Ability to formulate application security architecture vision and translate vision into execution
- Thorough understanding of Information Security frameworks and
practices (e.g. ISO, NIST), architecture standards (e.g. TOGAF and
SABSA) and proven ability to strike a balance between an academic and
pragmatic approaches
Key Skills: