Information Security Architect - Infrastructure
AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.
As a member of Information Security Risk Management architecture team, the Security Architect plays an integral role in assessing and defining the organization's security strategy, architecture, and practices. The Security Architect will effectively translate business objectives and cyber risk management strategies into specific security processes enabled by security technologies and services, evaluate and incorporate emerging technologies in response to changes in the threat landscapes. This position will interact with senior leaders across the enterprise and acts as a trusted senior advisor, while performing all necessary duties to ensure the security of AbbVie information assets.
• Develop and maintain a security architecture process that enables the enterprise to create and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
• Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.
• Track developments and changes in the digital business and threat environments to ensure that they are adequately addressed in security strategy plans and architecture artifacts.
• Establish collaborative working relations with the Information Technology functions to ensure that solutions align with security architecture and business strategy.
• Foster an information security culture through education, skill development, and implementation of effective information security processes and practices.
• Understand and adhere to corporate standards regarding applicable corporate and divisional policies, including code of conduct, safety, GxP compliance, data security, and the software development lifecycle.
• Matures and leverages relationships with affiliates, subsidiaries, vendors, and industry peers in accordance with AbbVie Values, Vendor Management Office, and Purchasing to further the mission, vision and goals of the organization.
• Support security aspects of business & IT initiatives by assisting in architecture, design, implementation,deployment, and operational transition of innovative & secure technology solutions.
• Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure.
• Research, evaluate, design, test, recommend and plan the implementation of new or updated IAM technologies.
• Develop a focus on and plans for identity access management systems across the enterprise, including cloud and hybrid cloud and technologies such as OIM, CyberArk, Ping Identity, etc.
• Define requirements for public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures.
• Experience in information security and/or related functions (such as IT Audit, Risk Management or Security Architecture)
• Experience with technical design and architecture work with several of the following modern hybrid-cloud based Identity and Access Management solutions covering Identity and Directory Services, Privileged Access Management, Identity Lifecycle, Identity Governance, Multi-Factor Authentication, Credential Management, etc.
• Deep understanding with several authentication and directory services protocols (e.g. FIDO, OIDC, SAML, LDAP(s), Radius).
• Proven knowledge and experience with modern cloud based IAM technology solutions from providers such as Ping Identity and Okta.
• Expert knowledge of and experience in developing and documenting security architecture and plans (e.g. development and deployment roadmaps) and using process modeling tools and techniques.
• SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation.
• Excellent understanding of current information security and architecture trends and their impact on business strategies including: key information security vendors and solutions, audit organizations and influential market research firms.
• Excellent communications and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
• Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members with diverse backgrounds.
• Ability to formulate network security architecture vision and translate vision into execution.
• Thorough understanding of information security frameworks and practices (e.g. ISO, NIST), architecture standards (e.g. TOGAF and SABSA) and proven ability to strike a balance between an academic and pragmatic approaches.
- Typically 7+ years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education and experience.
- Requires in-depth knowledge of the systems development life cycle, client area’s functions and systems, and systems applications programs development technological alternatives.
- Proven implementation of creative technology solutions that advance the business.
Specifically, we’re looking for:
- Significant exposure or understanding of the following concepts, practices, and technologies: network security and perimeter security, firewalls, IDS/IPS, SIEM, workstation, mobile device, and network design standards.
- Understanding the following concepts is a plus; identity management, federated identity services, incident management, access control, end-point protections, desktop security tools, anti-malware solutions, application vulnerability testing, public key infrastructure, Windows, and Unix/Linux.
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project.
- Signification SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation. Excellent understanding of current information security and architecture trends and their impact on business strategies including: key information security vendors and solutions, audit organizations and influential market research firms.
- Excellent communications and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
- Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members with diverse backgrounds.
- Ability to formulate network security architecture vision and translate vision into execution.
- Thorough understanding of Information Security frameworks and good practices (e.g. ISO, NIST), and proven ability to strike a balance between an academic and pragmatic approach.
- Relevant work experience is important for successful performance of this role due to the complexity of our global IT Security environment.
- Information security qualification such as CISSP is preferred.
Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Yes, 20 % of the Time
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.