Information Security Application Architect

Summary:

As a member of Information Security Risk Management architecture team, the application security architect plays an integral role in assessing and defining the organization's application security strategy, architecture, and practices. The application security architect will effectively translate business objectives and cyber risk management strategies into specific application security processes enabled by application security practices, technologies, and services, evaluate and incorporate emerging application security practices in response to changes in the threat landscapes. This position will interact with senior leaders across the enterprise and acts as a trusted senior advisor, while performing all necessary duties to ensure the security of AbbVie information assets.

Major Responsibilities:

• Develop application security strategy and roadmap planning, along with design & delivery of integrated solution architectures and development of standards and reference architectures.
• Develop training material and conduct periodic application security training for the AbbVie development teams.
• Building relationships with the business to act as an application security liaison and determine overall demand. 
• Develop the processes, controls, and technologies to be integrated into the appropriate stages of the software development lifecycle.
• Create and provide input into information security policies, standards, and baselines regarding secure software development and SDLC processes.
• Collaborate with cross-functional peers within and outside of the technology organization to provide application security leadership by driving the teams to build secure applications and providing application security expertise.
• Communicate and collaborate with cross-functional peers outside of the Technology Division, including Information Research, Commercial Operations, Enterprise Risk Management, Third Party Risk Management, and other business unit leadership.
• Continuous improve the methods, instrumentation, training, documentation, and processes required to properly govern secure application architecture and the software development lifecycle.
• Advocate for application security and lead efforts to promote applications security awareness at all levels of the organizations.
• Interact with industry peers from other organizations within the pharma industry, research organizations, solution providers, and vendors.
• Own and continuously enhance secure application architecture standards within the Software Development Lifecycle.
• Provide consultation on secure application design.
• Collaborate with the DevOps team to ensure security is built into the process and enhanced over time.

Key Competencies:

• 8+ years’ work experience in information security and/or related functions (such as IT Audit, Risk Management or Security Architecture.
• Understanding how to implement the appropriate level of application security practices based on the risk profile of the application and data. Some of the controls, but not limited to; encryption, authentication, multifactor authentication, session management, input validation, logging, and auditing.
• Deep understanding of the DevSecOps lifecycle in regard to ensure the appropriate security is built-in with defined guardrails.
• Demonstrable knowledge of a broad range of Information Security technologies and practices.
• Expert knowledge of and experience in developing and documenting application security architecture and plans (e.g. development and deployment roadmaps) and using process modeling tools and techniques.
• SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation. 
• Excellent understanding of current Information Security & Architecture trends and their impact on business strategies including key Information Security vendors and solutions, audit organizations and influential market research firms.
• Experience with scripting languages
• Experience with creating standards, reference architectures, policies, procedures, and implementation guidelines
• High degree of understanding with Cryptographic Services and Public Key Infrastructure.
• Experience with Amazon Web Services, Microsoft Azure, and other internal and external cloud providers.
• Advanced knowledge of application security development techniques and processes including specification, documentation, and quality assurance
• Excellent communications and influencing skills with strong ability to balance differing stakeholder interests through sound analysis and persuasion.
• Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members.
• Ability to formulate application security architecture vision and translate vision into execution.
• Thorough understanding of Information Security frameworks and practices (e.g. ISO, NIST), architecture standards (e.g. TOGAF and SABSA) and proven ability to strike a balance between an academic and pragmatic approaches.

Differentiators:

• Relevant work experience is important for successful performance of this role due to the complexity of our global IT Security environment. 
• Information security qualification such as CISSP is preferred.
• Recent work experience in a “Big Four” focused on health care or Fortune 100 health care/life science organization is a plus.

Education:

• A Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience. 
   

This position is part of AbbVie’s Information Security & Risk Management (ISRM) team.  We are here to put our partners in a position to succeed. We do it by providing the knowledge, tools, and support they need to effectively use data and technology while also effectively managing risk.

At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity and affirmative action employer, we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic. If you would like to view a copy of the company’s affirmative action plan or policy statement, please email CorpJat_ABV@abbvie.com.