You are watching an expired job.

Senior Information Security Architect

Time Inc

Listed 10 Years ago
Expires 21-04-2014

Time Inc., a Time Warner company, is one of the largest content companies in the world. With a portfolio of approximately 115 magazines and 48 web sites, including some of the world's most popular, powerful and trusted brands, it is the largest magazine publisher in the U.S., and a leading publisher in the U.K. and Mexico. Time Inc.'s popular brands and successful franchises extend to online, television, cable VOD , satellite radio, mobile devices, events and branded products. Each month, one out of every two American adults reads a Time Inc. magazine, and one out of every seven who are online visits a company Web site.

Key Responsibilities:
• Collaborates with the Information Security staff in the evaluation of risks and threats, development, implementation, communication, operation, monitoring and maintenance of the IT security policies and procedures which promote a secure and uninterrupted operation of all IT systems.
• Identifies emerging vulnerabilities, evaluates associated risks and threats and provides countermeasures where necessary.
• Experienced in identifying application level Security, Risk and Privacy controls in cloud applications
• Monitor developments within application security and ensure internal policies, procedures, tools and awareness programs reflect current security methods such as those published by OWASP , WASC , etc.
• Serve as a point of contact with business clients and consult with infrastructure, software development, and database teams to design proper security architecture.
• Manages the reporting, investigation and resolution of data security incidents.
• Proposes changes in firm-wide security policy when necessary.
• Share team rotation for triaging risk assessments, firewall, remote access and policy exception requests. Share team ownership of risk assessments in order to ensure risks are appropriately identified, controlled, validated, documented and remediated/accepted appropriately according to policy and business need.
Ensure that all incoming alerts are analyzed, distributed and responded to appropriately.
• Performs related duties as assigned or requested.

Experience Required:
• Four or more years of hands-on information technology security experience
• Knowledge of PCI standards and /or other regulations such as SOX, GLB or HIPPAA
• Experience in performing security assessment
• Must have a solid technical understanding of information technology and information security fundamentals (e.g., firewall, intrusion detection, authentication, authorization)
• Understanding of Application Security principles such as OWASP Top 10.
• Familiarity with application testing tools such as Appscan / Watchfire /Fortify
• Basic understanding of firewall, unified threat management, IDS/ IPS and behavior analysis technologies. An understanding of TCP/IP networking (switching, routing protocols, WLAN , DNS, HTTP, SNMP and packet level analysis) is a plus.
• Knowledge of host based intrusion prevention programs for critical servers.
• Knowledge of Governance, risk and compliance management platforms such as Archer a plus.
• Must have detailed, technical experience in a multi-platform environment (UNIX, Windows, etc)
• Demonstrated project management experience, especially for large projects
• Demonstrated ability to work in a team environment and build collaborative relationships across an IT organization (applications development, operations, engineering, network, security, etc.)
• Must be pragmatic, practical, and process-oriented in approach
• Must be an intelligent, articulate, and persuasive manager who is able to communicate security-related concepts to a broad range of technical and non-technical staff.
• Development or system testing experience a plus
• CISSP preferred  

If you found this information helpful, please let us know how we can help you?