Job Description :
The Security Architect SDLC will work AppPSec project team to develop AppSec program related deliverables.
The candidate will also work with Application Managers and Project Managers across all information technology disciplines to administer the application security services including consulting to define security requirements, threat modelling, architecture reviews, static code scans, dynamic code scans, pen-testing, secure design and coding training, applicaiton security goverance and remediation consulting as well as risk assessment.
The successful candidate will be a strong communicator (verbal and written) with deep technical skills and with great sense of urgency.
The individual must be highly collaborative as they will need to cooperate internally within AppSec project team and with other ISRM teams as well as with Application/Project managers.
MAJOR ACCOUNTABILITIES:
Create Application Security (AppSec) standards and processes
Create AppSec related training material for Application Teams
Rollout AppSec Program to selected Application teams
Provide support to Application Team to adopt AppSec
Perform Application health checks to ensure compliance to AppSec Standards
Publish Application Security metrics to various stakeholders
Analysing application security products from various vendors
Conducting pilot with selected vendors for obtaining threat modelling, architecture reviews, code scanning and penetration testing services using Client methodology
Produce project management documentation related to AppSec project
Conduct communicaiton sessions with various stakeholders to launch AppSec
EDUCATION / EXPERIENCE:
Essential:University degree
Desirable: Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
EXPERIENCE:
10+ years of working experience
5+ years as an IT security expert
Experienced IT security architect with broad technical, analytical and conceptual skills
Experience in communicating with IT and Business leadership
Excellent written and verbal communication and presentation skills
Interpersonal and collaborative skills to drive security message to Application teams
Excellent understanding and knowledge of Application Security
General knowledge of Data Security, Infrastructure Security, Cloud Security
PRODUCT/MARKET/CUSTOMER KNOWLEDGE:
Good understanding of pharmaceutical industry.
Good understanding of business processes in a global pharmaceutical industry