Security Architect

Columbus, OH, United States

Job ID: 45136

OVERVIEW:
Member of the team that executes the L Brands Information Security Program operating processes and delivers/supports the technology necessary to protect the confidentiality, integrity, availability and legal/regulatory compliance of L Brands' information and technology assets. This position has global enterprise-wide responsibilities for Security Consulting services regardless of brand or function. Ensure information security (security & compliance) requirements are defined, documented and tracked for all releases, major technology & process changes, and project initiatives. SCOPE: Stores, Direct, Mobile, Infrastructure people, process and technology (HW/SW) for both internal and external/cloud solutions. Maintain assessment program metrics and deliver reports based on agreed-upon criteria and cadence.

RESPONSIBILITIES:

Information Security Risk Assessment
Deliver technical requirements supporting ISO Administrative Security driven regulatory risk assessments (e.g. HIPAA, PCI Enterprise RA).
Deliver technical requirements on ad hoc risk assessments driven by internal ISO priorities or external factors (e.g. industry, technology changes, org change, and innovation).

Information Security Risk Classification
For all releases, major technology & process changes, project initiatives:

Review initiative objectives and document affected assets material to information security requirements.
Identify potential threats and associated protections, countermeasures and compensating controls associated with the initiative objectives and affected assets.
Maintain awareness of the threat landscape associated with the project.
Ensure data classification is identified and that appropriate controls are documented as project deliverables
Identify when MGT Enterprise Architecture processes are required and engage the EA team.
Identify potential security events or incidents related to the project assets and current threat landscape then ensure standard ISO Security incident procedures are followed.

Information Security Architecture and Design Consulting
For all releases, major technology & process changes, project initiatives:

Validate data classification and review, design, assess data flow architecture/maps
Determine control categories that are in-scope based on data elements and regulatory drivers.
Review, design and assess technical architecture and processes to ensure information security requirements are documented and delivered.
Review, design and assess network security
Review, design and assess platform/OS security
Review, design and assess application security
Review, design and assess database security
Review, design and assess interface/integration security
Review, design and assess identity & access security
Review, design and assess device accessibility security
Partner with ISO Security Intelligence on any new people, process or technology changes that may impact ISO security controls

Information Security Requirements
For all releases, major technology & process changes, project initiatives:

Interact with ISO Program Manager to ensure Information Security Risk Registry open items are accounted for as requirements and included as appropriate.
Define and document regulatory control requirements.
Define and document L Brands information security control requirements.
Define and document information security operational control requirements.
Define and document security testing requirements.
Ensure that information security requirements are implemented as planned or accounted for and tracked for post-production releases

Information Security Testing and Validation
For all releases, major technology & process changes, project initiatives:

Execute security control validation.
Coordinate required project security testing (TVM, Pen Testing) with appropriate resources from the ISO Security Intelligence team and the project team.
Ensure information security defects are appropriately documented in the project defect tracking system of record.
For information security defects that will be mitigated after project close ensure that such defects are appropriately documented in the Information Security Risk Registry (work with ISO Program Manager) and MGT responsible teams defect tracker.
Identify potential security events or incidents related to the project assets and current threat landscape and ensure appropriate action following standard ISO Security incident procedures.

Incident Response
Engage as needed and based on technical expertise to support security incidents and breaches. All-hands-on-deck situations.


QUALIFICATIONS:
7-10 years of experience in information security and risk management.
Strong verbal and written communication skills.
Ability to communicate technical issues to non-technical audiences at multiple organization levels
Experience multi-tasking and prioritizing deliverables and managing expectations across multiple simultaneous projects.
Experience leading and managing work unsupervised
Experience working on enterprise level cross functional projects and working under project deadlines.
Experience identifying and integrating information security requirements into project deliverables.
Ability to weigh in on and influence risk assessment discussions/decisions
Strong collaboration and innovation skills.
Understanding of networking applications, multiple platforms and databases.
Experience exploiting and leveraging vulnerabilities to test systems, platforms, applications, databases, devices.
Broad and deep understanding of information security controls, how controls are used to detect and respond to events & incidents, how controls impact the business and how control gaps can be mitigated/remediated.
Understanding of (US) national regulatory requirements and how they apply to technology implementations
Always on call
Ability to assess/evaluate/prioritize risk on small to medium sized projects

EDUCATION:
Bachelor's degree in Information Technology/Information Security or equivalent experience in technology
Security Certifications preferred such as CISSP or relevant SANS/GIAC.

L Brands, through its high-emotion brands Victoria's Secret, Bath and Body Works, Pink, La Senza and Henri Bendel, is an international specialty retailer delivering lingerie, personal care and beauty products, apparel and accessories to customers worldwide. Our brands are available in more than 2,600 retail stores in the United States, more than 680 international locations, and through our award-winning internet and catalogue channels. L Brands, which recorded sales of $10.5 billion in 2012 and employs more than 90,000 associates, was Fortune's 2011 World's Most Admired specialty retailer.
