Security Architect - Security Controls Validation

Job Description
This position is with the IBM Security business unit-level Chief Information Security Officer (CISO) organization. The primary focus of this role is to evaluate security controls to determine appropriateness and consistency of implementation, advise on risk mitigation strategies and to validate the consistent implementation of appropriate security controls to mitigate risks as well as drive compliance with both IBM internal and external regulations/standards.

Responsibilities:
The successful candidate for this position is able to work independently, will possess experience with risk mitigation practices as well as implementing technical and operational security controls. Assigned duties include, but are not limited to:

  • Advise IBM Security business unit technical teams on cybersecurity risk and compliance issues
  • Assess IBM Security applications and systems for compliance with IBM policy / standards and applicable external standards/regulatory requirements
  • Partner with application / system owners to identify appropriate security controls, remediation plans and improvements based on risk, compliance, and/or other requirements
  • Provide documentation of analysis of cybersecurity risk and mitigation recommendations for assessed applications/systems
  • Conduct validation reviews of security controls across the IBM Security business unit to identify, assess, and make recommendations to improve the effectiveness of security controls implementation
  • Stay current on changes to technology, emerging security threats, internal IBM policy and standards, relevant regulatory requirements, and evaluate potential impacts on identified risks and security controls as well as suggest modifications to the BU risk management program

Skills Required:
  • 3+ years of technical, hands-on proficiency in multiple cybersecurity competencies (e.g. network security, systems security, application security, security operations)
  • 3+ years experience implementing security controls to meet requirements of various security and privacy related standards and regulations such as PCI-DSS, FFIEC, NIST 800-series, ISO 2700x, GDPR, etc
  • 3+ years experience performing security technical testing or technical controls validation including documentation of testing methods and results
  • 1+ years operating computing environments in compliance with IBM Corporate IT Security and Business Continuity Management compliance requirements
  • Proactive awareness of emerging cybersecurity threats and technologies
  • Strong leadership and project management abilities
  • Detail oriented with strong verbal and presentation skills
  • Demonstrated proficiency with executive level presentations and status reporting
  • English: Fluent

Skills Preferred:
  • 3+ years hands-on experience with traditional and/or cloud computing environments including operating systems, middleware, and networking technologies
  • 5+ years experience implementing security controls to meet requirements of various security and privacy related standards and regulations such as PCI-DSS, FFIEC, NIST 800-series, ISO 2700x, GDPR, etc
  • 3+ years experience managing computing environments in compliance with IBM Corporate IT Security and Business Continuity Management compliance requirements
  • 1+ years experience writing information security policy, process, and procedure documents
  • Education: Bachelors Degree
  • Certifications: ISACA: CISA, CRISC, or (ISC)2 - CISSP

Additional benefits:
  • Training and certifications
  • Private medical package and insurance package
  • Multisport Card
  • Working on international projects in multicultural teams
  • Good to be an IBMer discounts
  • Cinema & trips for IBMers
  • Language classes
  • Summer camps for children

Find more about IBM Security Jobs:
http://www-03.ibm.com/employment/security/

Required Technical and Professional Expertise

not available here, see Job Description

Preferred Tech and Prof Experience

not available here, see Job Description

EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.


Back to top