Enterprise Security Architect (US Based Remote)

Are you looking to make a difference in a patient's life? At AmerisourceBergen, you will find an innovative and collaborative culture that is patient focused and dedicated to making a difference. As an organization, we are united in our responsibility to create healthier futures. Join us and Apply today!

What you will be doing

Individuals in the Enterprise Security Architecture role provide overall direction, guidance, definition and facilitation for the development of an architecture (current and future state) required to meet business strategies and goals. Responsibilities include advocacy and support of the enterprise's IT strategies, identification, and analysis of enterprise business drivers to derive useful business context, analysis of the current IT environment to detect critical deficiencies and recommend solutions for improvement, and the development of strategies aligning IT to business. Enterprise Security Architects interface and collaborate across all business areas, acting as visionaries to proactively assist in defining the direction for future projects and initiatives. They conceive strategies, solutions, build consensus, and sell/execute solutions. They are involved in all aspects of the strategic project life cycle, from the initial kickoff through the requirements analysis, design and implementation. Participate on and be a member of various Enterprise technology forums representing ISO security. Additional responsibilities include the establishment of the overall architectural viewpoints and the establishment and oversight of organization standards and policies. Architects identify major system interfaces, business capabilities needs, and existing architecture weaknesses and opportunities for systems. Serving in this role requires an individual to be a self-starter, work independently, and as a team member. They have to have strong communication skills in interfacing with business partners and the IT community. Enterprise Security Architects are also responsible for educating and guiding others on architectural standards, principles, methodology and trends. They must have significant business knowledge and have expertise within one or more areas of information, solution, and/or technical architecture in which they concentrate. Enterprise Security Architects are expected to mentor and coach less experienced staff and provide knowledge transfer across the organization. The Enterprise Security Architect provides guidance, road maps, principles, standards and best practices. They must be focused on enabling business and IT leaders to make investment decisions that balance and prioritize current operational demands, disruptions, and opportunities with the longer-term strategic vision of the organization. This role will work multiple enterprise initiatives and highly complex projects that require in-depth knowledge of one or more specialized architecture areas such as network, security, applications, data, systems, OT/IoT and Public Cloud.

With the acquisition of Alliance Healthcare, AB requires additional Enterprise Security Architect to support the datacenter migration, onboard the legacy applications and provide security architecture oversight and support.

What your background should look like

The Enterprise Security Architect role is responsible for improving application and systems security and will support efforts to minimize the possibility that coding, design, or configuration security vulnerabilities could work their way into production environments, presenting a potential point-of-compromise.

The Enterprise Security Architect will maintain involvement in the organization's Software Development Life Cycle (SDLC) process, Enterprise Architecture frameworks, and liaise with business and technical resources. The Enterprise Security Architect will review strategic initiatives and related project documentation, research, and reference security policy, render recommendations and guidance, approve or reject project artifacts from a security perspective, and perform other tasks in the pursuit of securing systems, processes, and software applications.

• Defining security requirements by evaluating business strategies and requirements; researching information security standards
• Providing consulting services and security support to internal business and technology customers
• Serving as the lead security liaison on assigned Enterprise initiatives and projects.
• Providing input and recommendations to the development teams related to architecture, design, coding practices and SDLC elements that could potentially impact the application or solution from a security perspective.
• Validating controls for Encryption, Access Control, Web Application Vulnerability Detection, OWASP top 10 and other common web application security parameters.
• Reviewing application architecture and design from an application and infrastructure security perspective ensuring alignment with organization security standards and industry best practices.
• Contributing to Security Policies, Standards, and Non-functional requirements
• Ensuring that development is done in accordance with industry standards for secure development
• Reviewing, developing, testing, and implementing security plans, products, and control techniques
• Reviewing and documenting circumstances surrounding security gaps and defining corrective actions
• Maintaining awareness of security and technology trends and shares that knowledge with others
• Evangelizing security policies, standards, and nonfunctional requirements where/when needed
• Daily and Weekly Status Reporting - for Work in Process and Planned and issues
• Documenting processes, procedures, assessment outputs, working papers documentation to support existing SDLC and governance requirements
• Representing security and IT risks among other company risk departments and committees.
• Evaluating the effectiveness of awareness and training programs and makes recommendations for improvement.

Bachelor's degree in Computer Science, Information Systems, Computer Engineering, System Analysis or a related field. Or equivalent work experience.

Typically has a minimum 10-15 years of progressive experience across multiple IT areas with at least 7-10 years of relevant combined IT and security work experience which includes a broad range of exposure to systems analysis, application development, systems administration.

Must have experience designing and deploying security for Business products and services and Enterprise solutions.

Requires advanced to expert level knowledge and understanding of architecture, application design, system engineering and integration.

Must have one or more Information Security relevant certifications e.g. Audit (CISA), Security Management (CISM), Security Professional (CISSP), Cloud Security (CCSP, CCSK, AZ500)

Preferred Security architecture qualifications including SABSA or TOGAF

Demonstrated sound understanding of at least 3 of the following security control frameworks such as HITRUST CSF, ISO 27001/27002, HIPAA/HITECH, PCI DSS, NIST

Demonstrated sound understanding and experience with Regulatory and compliance frameworks and requirements such as HIPAA, GDPR, SOX, country, state, and local data protection laws

Business experience in a matrix Organization required

• Experience in mentoring/leading teams
• Strong organizational skills; attention to detail
• Strong consultative skills: ability to interface effectively with technical and non-technical leaders.
• Strong facilitation skills and a clear ability to build positive relationships with business stakeholders at all levels, including executive managers and vendors.
• Strong ability to identify, analyze, and resolve problems, driving solutions through to completion.
• Ability to translate complex technical information across all levels of a business.
• Ability to translate business drivers, requirements, and priorities into security design.
• Ability to lead and provide direction to project/product teams
• Ability to prioritize workload and consistently meet deadlines
• Excellent written, verbal, and presentation skills.
• Expert-level knowledge of security principles and technologies.
• Experience evaluating, designing, and implementing security solutions.
• Identity Governance & Lifecycle Management
• Customer Identity & Access Management
• Security Operations
• Two-Factor/Multifactor Authentication solutions
• Infrastructure and Network Security
• Security Engineering
• OT Security
• Public Cloud Security- Azure, GCP, AWS (IaaS, PaaS, XaaS), SaaS solutions
• Security Architecture
• Privileged Access Management
• Identity and Access Management
• Previous consulting or pre-sales engineering experience is ideal.
• Project management and delivery experience
• Technical security implementation

What AmerisourceBergen offers

We offer competitive total rewards compensation. Our commitment to our associates includes benefit programs that are comprehensive, diverse and designed to meet the various needs across our associate population.

Throughout our global footprint and various business units, we take a balanced approach to the benefits we offer. Many benefits are company-paid, while others are available through associate contributions. Specific benefit offerings may vary by location, position and/or business unit.

Schedule

Full time

Salary Range*

$115,100 - 177,320

*This Salary Range reflects a National Average for this job. The actual range may vary based on your locale. Ranges in Colorado-specific locations may be up to 10% lower than the minimum salary range, and 12% higher than the maximum salary range.

Affiliated Companies:
Affiliated Companies: AmerisourceBergen Services Corporation

Equal Employment Opportunity

AmerisourceBergen is committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status or membership in any other class protected by federal, state or local law.