security ArchitectAlorica Teleservices, Inc.

The Principal, Security Architect works with various areas of the IT organization and business to collaborate on strategy, design secure solutions, and build standards for how those solutions should be implemented and maintained in the future. The Principal, Security Architect works with various areas of the IT organization and business to collaborate on strategy, design secure solutions, and build standards for how those solutions should be implemented and maintained in the future. The security architect will work with the rest of the Global Information Security (GIS) team, IT leadership, Legal and other parts of the business on projects that will regularly innovate information security within the company. Key Responsibilities: Design and develop an Enterprise Security Architecture to mitigate the risks presented by the ever-changing threat landscape unique to the organization; Ensure that secure architectural solutions are incorporated into every aspect of enterprise architecture supporting the organization's key business processes and organizational missions; Evaluate enterprise security infrastructure and ensure the disparate components are well integrated, secure, and operating efficiently; Translate technical risk issues and distill such issues to IT and business leaders; Engage in the initial requirements definition (including analysis of threats and risks and alignment with security engineering, IT and Architecture standards). Sets strategic direction for information security initiatives, processes and standards Build relationships and collaborate with other architects across IT to ensure all visions are aligned Create, refine, deliver and evangelize information security standards to be used throughout the enterprise that balance business needs and security requirements Work with external security partners, lead the technical investigation and analysis of their security solutions, and present the results to the Chief Information Security Officer Partner with IT teams to ensure that security architectures support compliance (PCI DSS, NIST, HIPAA, GDPR, SOC, etc.), customer and operational requirements for all Alorica services and products QUALIFICATIONS: EDUCATION: Bachelor's Degree in IT, business, engineering, or related field or equivalent in relevant work experience Licenses or certifications (Please List) CISSP, CISM preferred 3 - 5 years related work experience Description: Software protection techniques and countermeasures against reverse engineering Experience in building secure applications preferably payment platforms, systems that can withstand all types of threats from various threat agents. Experience with current compliance, regulatory and legal requirements relevant to the transaction processing industry such as PCI, HIPPA, SOX, and GDPR. Strong knowledge of design review and Secure Development Lifecycle methodologies, Agile based methodologies, middleware platforms, and development platforms (Java, C, C++, .NET etc.). Experience working on cloud-based services (e.g. SaaS, PaaS, IaaS) and a high understanding of security challenges involved in deploying cloud applications Technical experience with security technologies including, but not limited to, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, usage monitoring, audit, secure application development, etc. Experience authoring reports, data flow diagrams, and Visio drawings for security systems and networks; Solid understanding of security protocols, cryptography, authentication, authorization and security; Experience in working in the BPO industry Demonstrated experience and proven methods for performing analysis and interpretation of information from Security Operations Center (SOC) and/or Computer Security Incident Response Team (CSIRT) systems. Experience conducting threat modelling exercises on networks and systems to identify all the threats the systems is exposed to and recommended mitigations controls to address those threats. Experience designing security controls for complex applications with backend services expertise such as API Gateway, Identity and Access Management Services, Data Protection technologies, Security Information Event Management etc. Experience with architectural standards (e.g. TOGAF)
Monster

Metro Manila
Permanent
Full-time