The CBI Group
QVC is one of the world’s leading multimedia retailers, reaching millions of customers around the globe each day on-air, on-line, and through mobile. Information security is a priority for QVC. To advance the global security program, QVC is seeking a Security Applications Architect who will guide the application development teams in designing secure applications that adequately support the business requirements of the organization. This position is based outside of Philadelphia at the QVC Founders Park location in West Chester, PA.
As QVC continues to mature the global information security program, we recognize the value of a formal information security architecture process as one of the key enablers of such a program. It is the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. It enables consistency, leverage and reuse to satisfy the business requirements for security services in an optimum manner. The role demands business insight, technical acuity, and the ability to think, communicate and write at various levels of abstraction.
· Works closely with IT architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all applications and database repositories to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
· Assists in developing the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
· Conducts risk assessments of new development efforts as well as externally purchased applications and web services.
· Serves as a security expert in application development efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
· Contributes to the alignment of security governance with IT architecture governance and project and portfolio management (PMO).
· Researches, designs and advocates new technologies, methodologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
· Contributes to the development and maintenance of the information security strategy.
· Evaluates and advocates use of the approved SDLC processes to secure application solutions. Assists in analyzing business impact and exposure, based on emerging security threats, vulnerabilities and risks for application systems.
· Supports communication of application security risks and solutions to business partners and IT staff.
· This is an expert/technical role. It defines the information security application architecture and design for the enterprise.
· This person works on multiple projects as the subject matter expert.
· The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple application platforms and business segments.
· A bachelor's or master's degree in computer science, information systems or other related field; or equivalent work experience.
· Knowledge of a relevant enterprise architecture methodology (for example, the Zachman Framework or TOGAF).
· Seven to 10 years of combined IT and security work experience in application development, with a broad exposure to application and multiplatform environments.
· Expert knowledge of security issues, techniques and implications across all existing computer platforms.
· Strong conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
· Ability to work well under minimal supervision.
· Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT and business personnel.
· Demonstrable written and verbal communication skills.
· Experience in using an enterprise architecture methodology (for example, Zachman, TOGAF and Gartner frameworks).
· Knowledge of a security-specific architecture methodology (for example, SABSA).
· Proven ability in application security process and organizational design.
· Industry-standard security certifications, including SANS, GIAC, CEH, CISA, CISSP, and CSSLP.
· Industry-standard IT certifications, including MCSE, RHCE, CCIE, and PMP.
· Experience programming in C or Java.