Tuesday, 29 March 2016

Mobile Security Architect – Ooredoo Group

The Role:
Ooredoo Kuwait Senior Enterprise & Mobile security Architect as part of Corporate Security team, will plan and design the overall security architecture. The Senior Enterprise & Mobile security Architect will be responsible for analyzing information security systems and applications, and recommending and developing security measures to protect information against unauthorized data access, modification or loss. Access control, intrusion detection, virus protection, certification, audit, incident response, security engineering, development and implementation of security policies and procedures are some of the areas that he will be engaged in on a regular basis
Key Accountabilities and Activities:
Collaborates with multiple Business and technology teams during the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions.
Leads to empowerment of planning, operations and project teams to comply with enterprise security policies, industry regulations, and best practices.
Lead advancement of the global information security architecture strategy.
Partner with IT, network architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems, networks and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates.
Lead security architecture initiatives including Infrastructure and Application Security, aligning strategy and all security architecture efforts.
Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
Enhance department and organization reputation by accepting ownership for accomplishing new and enhancement requests; exploring opportunities to add value to job accomplishments.
Develop Enterprise Security Architecture that is integrated into SDLC and communicate to organization.
Serve as a security expert in application development, database design, network and platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Contribute to the alignment of security governance with Technology architecture governance and project and portfolio management (PMO).
Research and evaluate vendor solutions to determine value and risk management opportunities
Evaluates and develop secure solutions, based on approved security architectures. Analyses business impact and exposure, based on emerging security threats, vulnerabilities and risks.
Author policies, standards, and architectures that guide Technology and Business staff with security and risk management planning.
Communicate security risks and solutions to business partners and corporate staff.
Benchmark application security testing practices against authoritative standards (e.g., OWASP and SANS) as well as regulatory obligations (e.g., PCI, etc.).
Build consensus with peers and internal customer.
Seek guidance from project management office regarding integration of security services.
Interact with Ooredoo’s personnel at all levels and across all business units to advance security initiatives, communicate risk findings, and advance improvement.
Qualifications and Requirements:
6+ years of combined IT, Network and security work experience including infrastructure, systems, vulnerability testing, audit, or secure enterprise application software development.
Industry Standard Security certifications including: SANS, GIAC, CEH, CISA, CISSP, and CSSLP.
Industry Standards IT certifications including MCSE, RHCE, CCIE, and PMP
Experience programming in C or Java.
Experience leading and developing highly technical architecture team Formal training in a relevant enterprise architecture methodology (e.g., TOGAF).
Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
Broad understanding of regulatory and legal requirements as they apply to information system security controls (e.g., PCI DSS, EU Data Protection Directive, etc.).
Expert knowledge of enterprise and web application development platforms
Sound understanding of security principles, such as network security, identity and access management, vulnerability management, and secure coding.
Advanced knowledge of secure coding practices based on OWASP and SANS.
Experience with project management best practices and collaborating with PMO.
Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x, ITIL, COBIT and National Institute of Standards and Technology (NIST) frameworks.
Advanced understanding of SDLC, following the process to develop and design effectively solutions
Expert knowledge of Cloud security concepts (SaaS, PaaS, IaaS), mobile architecture, network and application security and/or data protection.
Broad understanding of security technologies, including firewall, proxy, IDS/IPS, vulnerability management, WAF, WiFi, mobile security, DLP, digital certificates, messaging, encryption and authentication techniques, relational databases, middleware applications, collaboration and document management solutions.
Experience developing and documenting application security architecture and data flow plans using Visio, MS Word, MS Excel, etc.
Experience performing application risk, business impact, security control, and vulnerability assessments.
Experience developing, documenting and maintaining security policies, processes, procedures and standards.
Familiarity with network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
Strong analytical skills to analyse security requirements and relate them to appropriate security controls
Employer want to submit job applications through their website at: Apply Online

No comments:

Post a Comment