Overview

Application Security Architect

Summary:

This amazing opportunity has overall responsibility for leadership within the Services’ Cyber Security  team on matters relating to application security and related architecture. This role focuses on people, process and tools to provide a consultative service to our Client’s Businesses and Application Development / Engineering teams regarding a secure SDLC to meet our Client’s established Information Security Policies and Standards. The role requires an understanding of application security principles and practices and working in an application development environment within a business. Through broad relationships and excellent communication skills, creates an environment where information security is perceived as a valued service by all stakeholders.

Duties Include:

• Leadership Role- As a member of the our Client’s Services Cyber Security team, builds a collaborative working relationship with Corporate Information Security and Risk, IT Services, Enterprise Application Services, Business Unit application development and information security teams, and others to develop, promote, and implement sound application security strategies.
• Performs duties as the primary resource for business units and functions not having internal application security resources, and as a consultative resource for business units and functions having internal application security resources.
• Determines application security requirements by evaluating business strategies and requirements against established security standards, risk assessment methodology, and client requirements.
• Researches information security standards; conducts application security and vulnerability analyses and risk assessments; researches threats and attack vectors that impact applications.
• Performs reviews to identify potential security gaps within the integrated systems of application components, data access dynamics and transaction flow.
• Plans, coordinates, and takes a leadership role in the design, integration, development, validation and implementation of specific security policies, systems and services.
• Mentors Cyber Security team and other IT staff members to enhance their knowledge of information security concepts, practices, tools, strategies, etc., and to improve the overall effectiveness of the information security program.
• Coordinates with Services Technical Training team and/or independently implements and manages training programs for developers on secure code development practices.
• Ensure application security program aligns with industry frameworks such as the NIST Cyber Security Framework, ISO27001, FFIEC Cyber Security Framework, PCI, and others as applicable.
• Leads security design and application architectural reviews.
• Maintains documentation related to application security including the development of secure coding policies, procedures and standards, and ensures the Software Development Life Cycle (SDLC) used in entities includes necessary security checkpoints, code review methodologies, etc.
• Collaborates with the Services Cyber Security team and business unit application security teams
• Participates with incident response teams as a subject matter expert on application security.