QVC - Senior IT Security Solutions Architect

QVC
*Position Title: Senior IT Security Solutions Architect
*Position Type: Full-Time
*Compensation: Salaried - Competitive
*Start Date: Immediate Hire
*Location: West Chester, PA
*Job Requirements
*Job Description:
QVC is one of the world’s leading multimedia retailers, reaching millions of customers
around the globe each day on-air, on-line, and through mobile. Information security is a
priority for QVC. To advance the global security program, QVC is seeking a Senior
Solutions Security Architect. This position is based outside of Philadelphia at QVC
Founders Park location in West Chester, PA.
The Senior Solutions Security Architect collaborates with multiple Business and IT teams
during the planning process that provides the models, templates and principles that are
used to design, implement and operate information security solutions. This role is the
senior security expert that leads the security architecture services empowering operations
and project teams to comply with enterprise security policies, industry regulations, and
best practices.
Components of this role include but are not limited to:
• Lead advancement of the global information security architecture strategy.
• Partner with IT architects, other functional area architects and security specialists
to ensure adequate security solutions are in place throughout all IT systems and
platforms to mitigate identified risks sufficiently, and to meet business objectives
and regulatory requirements.
• Determine security requirements by evaluating business strategies and
requirements; researching information security standards; conducting system
security and vulnerability analyses and risk assessments; studying
architecture/platform; identifying integration issues; preparing cost estimates.
• Lead security architecture team including Infrastructure and Application Security
architects, aligning strategy and all security architecture efforts.
• Update job knowledge by tracking and understanding emerging security practices
and standards; participating in educational opportunities; reading professional
publications; maintaining personal networks; participating in professional
organizations.
• Enhance department and organization reputation by accepting ownership for
accomplishing new and enhancement requests; exploring opportunities to add
value to job accomplishments.
• Develop Enterprise Security Architecture that is integrated into SDLC and
communicate to organization.
• Serve as a security expert in application development, database design, network
and platform (operating system) efforts, helping project teams comply with
enterprise and IT security policies, industry regulations, and best practices.
• Contribute to the alignment of security governance with IT architecture
governance and project and portfolio management (PMO).
• Research and evaluate vendor solutions to determine value and risk
management opportunities.
• Evaluate and develop secure solutions, based on approved security
architectures. Analyze business impact and exposure, based on emerging
security threats, vulnerabilities and risks.
• Author policies, standards, and architectures that guide IT and Business staff with
security and risk management planning.
• Communicate security risks and solutions to business partners and IT staff.
ISACA Philadelphia is not responsible for the content or accuracy of this job posting.
Template Version 1.1: 02/21/07
* Skills & Qualifications:
• Benchmark application security testing practices against authoritative standards
(e.g., OWASP and SANS) as well as regulatory obligations (e.g., PCI, HIPAA,
etc.).
• Build consensus with peers and internal customers.
• Seek guidance from project management office regarding integration of security
services.
• Interact with QVC's personnel at all levels and across all business units to
advance security initiatives, communicate risk findings, and advance
improvement.
Requirements:
• Bachelor's or Master's degree in Computer Science, Information Systems or
other related field; or equivalent work experience.
• 10+ years of combined IT and security work experience including infrastructure,
systems, vulnerability testing, audit, or secure enterprise application software
development.
• Experience leading and developing highly technical architecture team. Formal
training in a relevant enterprise architecture methodology (e.g., Zachman
Framework or TOGAF).
• Team-oriented interpersonal skills, with the ability to interface effectively with a
broad range of people and roles, including vendors and IT and business
personnel.
• Broad understanding of regulatory and legal requirements as they apply to
information system security controls (e.g., PCI DSS, SOX, EU Data Protection
Directive, etc.).
• Expert knowledge of enterprise and web application development platforms.
• Sound understanding of security principles, such as network security, identity and
access management, vulnerability management, and secure coding.
• Advanced knowledge of secure coding practices based on OWASP and SANS.
• Experience with project management best practices and collaborating with PMO.
• Experience with common information security management frameworks, such as
International Organization for Standardization (ISO) 2700x, ITIL, CSC20, COBIT
and National Institute of Standards and Technology (NIST) frameworks.
• Advanced understanding of SDLC, following the process to develop and design
effective solutions.
• Expert knowledge of Cloud security concepts (SaaS, PaaS, IaaS), mobile
architecture, network and application security and/or data protection.
• Broad understanding of security technologies, including firewall, proxy, IDS/IPS,
vulnerability management, WAF, WiFi, mobile security, DLP, digital certificates,
messaging, encryption and authentication techniques, relational databases,
middleware applications, collaboration and document management solutions.
• Experience developing and documenting application security architecture and
data flow plans using Visio, MS Word, MS Excel, etc.
• Experience performing application risk, business impact, security control, and
vulnerability assessments.
• Experience developing, documenting and maintaining security policies,
processes, procedures and standards.
• Familiarity with network infrastructure, including routers, switches, firewalls, and
the associated network protocols and concepts.
• Strong analytical skills to analyze security requirements and relate them to
appropriate security controls.
Preferred Requirements:
• Industry Standard Security certifications including: SANS, GIAC, CEH, CISA,
CISSP, and CSSLP.
• Industry Standards IT certifications including MCSE, RHCE, CCIE, and PMP.
• Experience programming in C or Java.
Education: Bachelor's or Master's degree in Computer Science, Information Systems or
other related field; or equivalent work experience.
Certification(s): Desired:
• Industry Standard Security certifications including: SANS, GIAC, CEH, CISA,
CISSP, and CSSLP.
• Industry Standards IT certifications including MCSE, RHCE, CCIE, and PMP
Travel: Minimal
*Contact Information
Job Reference: R17565
*Contact Name: Lorna Bissinger
Email Address: Lorna.Bissinger@qvc.com
Telephone:
Fax:
Website: www.qvc.com/careers
Company Information: QVC, Inc., a wholly owned subsidiary of Liberty Interactive Corporation (NASDAQ:
QVCA, QVCB), is the world’s leading video and ecommerce retailer. QVC is committed to
providing its customers with thousands of the most innovative and contemporary beauty,
fashion, jewelry and home products. Its programming is distributed to approximately 300
million homes worldwide through operations in the U.S., Japan, Germany, United
Kingdom, Italy and a joint venture in China. Based in West Chester, Pa. and founded in
1986, QVC has evolved from a TV shopping company to a leading ecommerce and
mobile commerce retailer. The company’s website, QVC.com, is ranked among the top
general merchant Internet sites.
Special Instructions: For more information, visit our website at www.qvc.com/careers (Job ID R17565).
Applications may be submitted on-line or via e-mail to lorna.bissinger@qvc.com.