Information Security Architect
AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.
As a member of the Information Security Risk Management architecture team, the Information Security Architect plays an integral role in assessing and defining the organization's security strategy, architecture, and practices. The Information Security Architect will effectively translate business objectives and cyber risk management strategies into specific security processes enabled by security technologies and services, evaluate and incorporate emerging technologies in response to changes in the threat landscapes. This position will interact with senior leaders across the enterprise and acts as a trusted senior advisor, while performing all necessary duties to ensure the security of AbbVie information assets.
• Develop and maintain a security architecture process that enables the enterprise to create and implement security solutions and capabilities that are clearly aligned with business, technology, and threat drivers
• Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
• Track developments and changes in the digital business and threat environments to ensure that they are adequately addressed in security strategy plans and architecture artifacts
• Establish collaborative working relations with the Information Technology functions to ensure that solutions align with security architecture and business strategy
• Foster an information security culture through education, skill development, and implementation of effective information security processes and practices
• Understand and adhere to corporate standards regarding applicable corporate and divisional policies, including code of conduct, safety, GxP compliance, data security, and the software development lifecycle
• Matures and leverages relationships with affiliates, subsidiaries, vendors, and industry peers in accordance with AbbVie Values, Vendor Management Office, and Purchasing to further the mission, vision and goals of the organization
• Support security aspects of business and IT initiatives by assisting in architecture, design, implementation, deployment, and operational transition of innovative and secure technology solutions
• Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure
• Mentor/supervise junior team members, guide, and evaluate the performance of those individuals and be accountable for the effective performance of the team
• Develop plans for security systems by evaluating network and security technologies, including requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices
• Define requirements for public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as Windows and Unix server infrastructure, messaging, end user computing devices, and software
• Deep understanding of the following concepts, practices, and technologies: network security and perimeter security, firewalls, IDS/IPS, SIEM, workstation, mobile device, and network design standards
• Expert knowledge of and experience in developing and documenting security architecture and plans (e.g. development and deployment roadmaps) and using process modeling tools and techniques
• SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation
• Excellent understanding of current Information security and architecture trends and their impact on business strategies including: key Information Security vendors and solutions, audit organizations and influential market research firms
• Excellent communication and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
• Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members with diverse backgrounds
• Ability to formulate network security architecture vision and translate vision into execution
• Thorough understanding of Information Security frameworks and practices (e.g. ISO, NIST), architecture standards (e.g. TOGAF and SABSA) and proven ability to strike a balance between an academic and pragmatic approaches
- Typically 7+ years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education and experience.
- During recent history, must have demonstrated exceptional ability to assess and communicate information security concepts and practices, with both business and IT stakeholders
- Requires in-depth knowledge of the systems development life cycle, client area’s functions and systems, and systems applications programs development technological alternatives
- Proven implementation of creative technology solutions that advance the business
- Experience designing and architecting several of the following modern hybrid-cloud based Identity and Access Management solutions covering Identity and Directory Services, Privileged Access Management, Identity Lifecycle, Identity Governance, Multi-Factor Authentication, Credential Management, etc.
- Deep understanding with several authentication and directory services protocols (e.g. FIDO, OIDC, SAML, LDAP(s), Radius).
- Understanding of the following concepts is a plus; end-point protections, desktop security tools, anti-malware solutions, application vulnerability testing, public key infrastructure, Windows, and Unix/Linux
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical, and project
- SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation. Excellent understanding of current Information Security & Architecture trends and their impact on business strategies including: key Information Security vendors and solutions, audit organizations and influential market research firms
- Thorough understanding of Information Security frameworks and good practices (e.g. ISO, NIST), and proven ability to strike a balance between an academic and pragmatic approach
- Relevant work experience is important for successful performance of this role due to the complexity of our global IT Security environment.
- Information security qualification such as CISSP is preferred
Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Yes, 20 % of the Time
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.