Job Description Details
As QVC continues to mature the global information security program, we recognize the value of a formal information security architecture process as one of the key enablers of such a program. It is the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. It enables consistency, leverage and reuse to satisfy the business requirements for security services in an optimum manner. The role of the Information Security Architect demands business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction.
- Works closely with IT applications architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all applications and database repositories to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Assists in developing the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
- Conducts risk assessments of new development efforts as well as externally purchased applications and web services.
- Serves as a security expert in application development efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Contributes to the alignment of security governance with IT architecture governance and project and portfolio management (PMO).
- Researches, designs and advocates new technologies, methodologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
- Contributes to the development and maintenance of the information security strategy.
- Evaluates and advocates use of the approved SDLC processes to secure application solutions. Assists in analyzing business impact and exposure, based on emerging security threats, vulnerabilities and risks for application systems.
- Supports communication of application security risks and solutions to business partners and IT staff.
- This is an expert/technical role. It defines the information security application architecture and design for the enterprise.
- This person works on multiple projects as the subject matter expert.
- The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple application platforms and business segments.
- Industry-standard security certifications, including SANS, GIAC, CEH, CISA, CISSP, and CSSLP.
- Industry-standard IT certifications, including MCSE, RHCE, CCIE, and PMP.
- Experience programming in C or Java.