QVC

*Position Title: Senior IT Security Solutions Architect
*Position Type: Full-Time
*Compensation: Salaried - Competitive
*Start Date: Immediate Hire
*Location: West Chester, PA

*Job Requirements

*Job Description

QVC is one of the world’s leading multimedia retailers, reaching millions of customers around the globe each day on-air, on-line, and through mobile. Information security is a priority for QVC. To advance the global security program, QVC is seeking a Senior Solutions Security Architect. This position is based outside of Philadelphia at the QVC Founders Park location in West Chester, PA.

The Senior Solutions Security Architect collaborates with multiple Business and IT teams during the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. This role is the senior security expert that leads the security architecture services empowering operations and project teams to comply with enterprise security policies, industry regulations, and best practices.

Components of this role include but are not limited to:

- Lead advancement of the global information security architecture strategy.
- Partner with IT architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
- Lead security architecture team including Infrastructure and Application Security architects, aligning strategy and all security architecture efforts.
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Enhance department and organization reputation by accepting ownership for accomplishing new and enhancement requests; exploring opportunities to add value to job accomplishments.
- Develop Enterprise Security Architecture that is integrated into SDLC and communicate to organization.
- Serve as a security expert in application development, database design, network and platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Contribute to the alignment of security governance with IT architecture governance and project and portfolio management (PMO).
- Research and evaluate vendor solutions to determine value and risk management opportunities.
- Evaluate and develop secure solutions, based on approved security architectures.
- Analyze business impact and exposure, based on emerging security threats, vulnerabilities and risks.
- Author policies, standards, and architectures that guide IT and Business staff with security and risk management planning.
- Communicate security risks and solutions to business partners and IT staff.

ISACA Philadelphia is not responsible for the content or accuracy of this job posting. Template Version 1.1: 02/21/07

* Skills & Qualifications:

- Benchmark application security testing practices against authoritative standards (e.g., OWASP and SANS) as well as regulatory obligations (e.g., PCI, HIPAA, etc.).
- Build consensus with peers and internal customers.
- Seek guidance from project management office regarding integration of security services.
- Interact with QVC's personnel at all levels and across all business units to advance security initiatives, communicate risk findings, and advance improvement.
Requirements:

- Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.
- 10+ years of combined IT and security work experience including infrastructure, systems, vulnerability testing, audit, or secure enterprise application software development.
- Experience leading and developing a highly technical architecture team.
- Formal training in a relevant enterprise architecture methodology (e.g., Zachman Framework or TOGAF).
- Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
- Broad understanding of regulatory and legal requirements as they apply to information system security controls (e.g., PCI DSS, SOX, EU Data Protection Directive, etc.).
- Expert knowledge of enterprise and web application development platforms.
- Sound understanding of security principles, such as network security, identity and access management, vulnerability management, and secure coding.
- Advanced knowledge of secure coding practices based on OWASP and SANS.
- Experience with project management best practices and collaborating with PMO.
- Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x, ITIL, CSC20, COBIT and National Institute of Standards and Technology (NIST) frameworks.
- Advanced understanding of SDLC, following the process to develop and design solutions effectively.
- Expert knowledge of Cloud security concepts (SaaS, PaaS, IaaS), mobile architecture, network and application security and/or data protection.
- Broad understanding of security technologies, including firewall, proxy, IDS/IPS, vulnerability management, WAF, WiFi, mobile security, DLP, digital certificates, messaging, encryption and authentication techniques, relational databases, middleware applications, collaboration and document management solutions.
- Experience developing and documenting application security architecture and data flow plans using Visio, MS Word, MS Excel, etc.
- Experience performing application risk, business impact, security control, and vulnerability assessments.
- Experience developing, documenting and maintaining security policies, processes, procedures and standards.
- Familiarity with network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

Preferred Requirements:

- Industry Standard Security certifications including: SANS, GIAC, CEH, CISA, CISSP, and CSSLP.
- Industry Standards IT certifications including MCSE, RHCE, CCIE, and PMP.
- Experience programming in C or Java.

Education: Bachelor's or Master's degree in Computer Science, Information Systems or other related field; or equivalent work experience.
Certification(s): Desired: Industry Standard Security certifications including: SANS, GIAC, CEH, CISA, CISSP, and CSSLP. Industry Standards IT certifications including MCSE, RHCE, CCIE, and PMP.
Travel: Minimal

*Contact Information

Job Reference: R17565
*Contact Name: Lorna Bissinger
Email Address: Lorna.Bissinger@qvc.com
Telephone:
Fax:
Website: www.qvc.com/careers

Company Information: QVC, Inc., a wholly owned subsidiary of Liberty Interactive Corporation (NASDAQ: QVCA, QVCB), is the world’s leading video and ecommerce retailer. QVC is committed to providing its customers with thousands of the most innovative and contemporary beauty, fashion, jewelry and home products. Its programming is distributed to approximately 300 million homes worldwide through operations in the U.S., Japan, Germany, United Kingdom, Italy and a joint venture in China. Based in West Chester, Pa.
and founded in 1986, QVC has evolved from a TV shopping company to a leading ecommerce and mobile commerce retailer. The company’s website, QVC.com, is ranked among the top general merchant Internet sites.

Special Instructions: For more information, visit our website at www.qvc.com/careers (Job ID R17565). Applications may be submitted on-line or via e-mail to lorna.bissinger@qvc.com.