OBS! Ansökningsperioden för denna annonsen har
passerat.
Arbetsbeskrivning
What you will do
As a Security Architect you will support IT teams across the globe. You will ensure that privacy and security requirements are embedded in the design of our digital products and solutions, as well as to maintain security hygiene across our application portfolio. You provide services to various IT teams to help ensure continuity between Volvo Group security policies, VFS security needs and project requirements. You will be responsible for understanding, coordinating and implementing Volvo Group and VFS policies, standards, and procedures in the architecture of IT systems to safeguard VFS data. You will also ensure compliance with regulatory and statutory provisions with regards to architectural decisions and will collaborate with legal and privacy colleagues to determine the best course of action. Ultimately, you will give direction and provide technical solutions to your IT colleagues and will help drive the direction of technical security with VFS Digital & IT.
DESIRED OUTCOMES
• Risks to corporate information assets are reduced through the application of proven security principles.
• Corporate security maturity is improved by standardizing security architecture across all VFS application portfolios.
• Privacy and Security by Design is incorporated into all new IT projects.
• Volvo Group security requirements are met in all IT projects and new VFS security requirements are developed that are tailored to financial services environments.
• Long-term security strategies are developed that leverage new and innovative technologies and principles to stay in front of emerging threats.
Your starting point will be to, together with your colleagues at VFS and in the broad cross-functional network at the Volvo Group, take responsibilities in the following areas:
• Governing the use of the current and future Volvo Group infrastructure and solution architectures and implementing existing security requirements within the VFS landscape
• Manage the VFS D&IT operations and requirements from a security and privacy perspective within projects.
• Remain active in Volvo Group and VFS D&IT architecture communities to stay abreast of changing standards.
• Stay informed of current industry best practices in both platform and application security architectures.
• Work with VFS and Volvo Group IT Enterprise, Information and Infrastructure Architects to develop secure and resilient solution architectures for current and upcoming projects.
• Deploy principles found in the NIST Cybersecurity Framework throughout the enterprise.
• Develop long-term architectural security principles specific to the VFS business that will be applied to inform and develop future strategic planning and solution design.
• Advise teams and design for solutions in the areas of:
o Personal data solutions, specifically for Privacy by Design requirements
o Identity and Access Management
o Encryption technologies
o Cloud implementations (IaaS, PaaS, SaaS, Integration as a Service, Security as a Service, etc.)
o Infrastructure security including operating system policies and hardening, web server security, database and file storage security, etc.
o System-wide security architecture including server security zone placement, communications security, integration-layer security, etc.
o Data warehousing, business analytics, business intelligence, machine learning and artificial intelligence
o Business Continuity and Disaster Recovery
o Some high-level application development security architecture
Your future team
You will report directly to the Director, Privacy & IT Systems Security.
In many of our markets, VFS has won the Great Place To Work award, where Great Work is done. The preferred location is Gothenburg, Sweden where we are establishing our new Global Hub. Other VFS locations can be considered on a case-by-case basis.
Qualifications likely required to be successful in this role include:
• University degree in Computer Science, Engineering, Security with focus on IT
• Minimum 5-7 years of experience working in information security infrastructure or related areas.
• Information or IT Security certifications like CISSP, CCSP, CISM, CEH, etc. are preferred.
• Deep knowledge and understanding of information security fundamentals and risk management techniques.
• Proficient understanding of IT technologies like virtualization, containerization, big data, business intelligence and data analytics tools, tokenization and anonymization tools, cryptographic key management systems, cloud infrastructure, etc. that will form the basis of architectural decisions related to security.
• You have an understanding of application development languages and techniques.
• You are an expert at industry-specific best practices and guidelines like the NIST Cybersecurity Framework, OWASP Top 10, SANS CIS Critical Security Controls, COBIT and COSO controls, as well as industry requirements or governmental regulations like PCI DSS, SOX, GDPR, etc.
• You are self-motivated and enjoy learning new ideas and skills on your own.
• Deep knowledge and understanding of information security and privacy as well as experience with interfacing security organizations.
• Ability to communicate effectively at all levels in the organization.
• Excellent stakeholder management skills, ability to collaborate across the organization.
• Experience in developing and implementing effective company-wide security policies.
• Strong planning, tracking and presentation skills.
• Ability to make decisions and provide pragmatic solutions.
• Advanced level of English (oral/written) is a must.