QVC is one of the world’s leading multimedia retailers, reaching millions of customers around the globe each day on-air, on-line, and through mobile. Information security is a priority for QVC. To advance the global security program, QVC is seeking an Information Security Architect that will guide the application development teams in designing secure applications which will adequately support the business requirements of the organization. This position is based outside of Philadelphia at QVC Founders Park location in West Chester, PA.
Job Description Details
As QVC continues to mature the global information security program, we recognize the value of a formal information security architecture process as one of the key enablers of such a program. It is the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. It enables consistency, leverage and reuse to satisfy the business requirements for security services in an optimum manner. The role of the Information Security Architect demands business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction.
- Works closely with IT applications architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all applications and database repositories to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Assists in developing the business, information and technical artifacts that constitute the enterprise information security architecture and solutions.
- Conduct risk assessments of new development efforts as well as externally purchased applications and web services
- Serves as a security expert in application development efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Contributes to the alignment of security governance with IT architecture governance and project and portfolio management (PMO).
- Researches, designs and advocates new technologies, methodologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
- Contributes to the development and maintenance of the information security strategy.
- Evaluates and advocates use of the approved SDLC processes to secure application solutions. Assists in analyzing business impact and exposure, based on emerging security threats, vulnerabilities and risks for application systems.
- Supports communication of application security risks and solutions to business partners and IT staff.
- This is an expert/technical role. It defines the information security application architecture and design for the enterprise.
- This person works on multiple projects as the subject matter expert.
- The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple application platforms and business segments.
- A bachelor’s or master’s degree in computer science, information systems or other related field; or equivalent work experience.
- Knowledge of a relevant enterprise architecture methodology (for example, the Zachman Framework or TOGAF).
- 10+ years of combined IT and security work experience in application development, with a broad exposure to application and multi-platform environments.
- Expert knowledge of security issues, techniques and implications across all existing computer platforms.
- Strong conceptual thinking and communication skills — the ability to conceptualize complex business and technical requirements into comprehensible models and templates.
- Ability to work well under minimal supervision.
- Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT and business personnel.
- Demonstrable written and verbal communication skills.
- Experience in using an enterprise architecture methodology (for example, Zachman, TOGAF and Gartner frameworks).
- Knowledge of a security-specific architecture methodology (for example, SABSA).
- Proven ability in application security process and organizational design.
- Industry Standard Security certifications including: SANS, GIAC, CEH, CISA, CISSP, and CSSLP.
- Industry Standards IT certifications including MCSE, RHCE, CCIE, and PMP
- Experience programming in C or Java.
Information Security Architect
QVC, Inc., a wholly owned subsidiary of Liberty Interactive Corporation (NASDAQ: QVCA, QVCB), is the world’s leading video and ecommerce retailer. QVC is committed to providing its customers with thousands of the most innovative and contemporary beauty, fashion, jewelry and home products. Its programming is distributed to approximately 300 million homes worldwide through operations in the U.S., Japan, Germany, United Kingdom, Italy and a joint venture in China. Based in West Chester, Pa. and founded in 1986, QVC has evolved from a TV shopping company to a leading ecommerce and mobile commerce retailer. The company’s website, QVC.com, is ranked among the top general merchant Internet sites.
QVC, Q, and the Q Ribbon Logo are registered service marks of ER Marks, Inc.
As an equal opportunity employer, QVC is committed to a diverse workforce and is also committed to a barrier-free employment process. In order to ensure reasonable accommodations for individuals pursuant to applicable law, individuals that require accommodation in the job application process for a posted position may contact us at [email protected] for assistance.