AbbVie's Information Security team is looking for a candidate to join an exciting, high performing organization. The Sr. Information Security Engineer, working within AbbVie's enterprise-wide information security team, will be responsible for ensuring security has been implemented in new and existing technologies in the environment. The Information Security team is looking for a highly motivated, self-driven individual that is never satisfied with the status quo. This role is expected to build relationships with other IT teams and provides the appropriate recommendations to protect the organization.
Major Duties and Responsibilities:
Support security aspects of business & IT initiatives by assisting in architecture, engineering, design, implementation, deployment, and operational transition of innovative & secure technology solutions.
Establish collaborative working relations with the Information Technology functions to ensure that solutions align with security architecture and business strategy.
Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned. Complete remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed.
Develop plans for security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices. Additionally, developing requirements for public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as Windows and Unix server infrastructure, messaging, end user computing devices, and software; adhering to industry standards.
Evaluate and engineer security controls employed by Cloud service and other third party providers to ensure information assets are adequately protected.
Foster an information security culture through education, skill development, and implementation of effective information security processes and practices.
Understand and adhere to corporate standards regarding applicable Corporate and Divisional Policies, including code of conduct, safety, GxP compliance, data security, and the software development lifecycle
Experience and Skills:
5+ years' work experience in information security and/or related functions (such as IT Audit, Risk Management or Security Architecture). During recent history, candidate must have demonstrated exceptional ability to assess and communicate information security concepts and practices, with both business and IT stakeholders.
Requires in-depth knowledge of the systems development life cycle, client area's functions and systems, and systems applications programs development technological alternatives.
Proven implementation of creative technology solutions that advance the business.
Excellent written and oral English communication skills.
Specifically, we're looking for:
Significant exposure or understanding of the following concepts, practices, and technologies: network security and perimeter security, firewalls, IDS/IPS, SIEM, workstation, mobile device, and network design standards.
Understanding the following concepts is a plus; identity management, federated identity services, incident management, access control, end-point protections, desktop security tools, anti-malware solutions, application vulnerability testing, public key infrastructure, Windows, and Unix/Linux.
Signification SOX and HIPAA experience in dealing with IT general controls (ITGC), demonstrated through hands-on audit, remediation, and/or computer system validation.
Strong people skills, collaborative ability to work with IT stakeholders inside and outside of the organization, able to mentor team members with diverse backgrounds.
Thorough understanding of Information Security frameworks and good practices (e.g. ISO, NIST), and proven ability to strike a balance between an academic and pragmatic approach.
Relevant work experience is important for successful performance of this role due to the complexity of our global IT Security environment.
Information security qualification such as CISSP is preferred. Equal Opportunity Employer Minorities/Women/Veterans/Disabled
Associated topics: attack, cybersecurity, identity access management, idm, information assurance, information security, information technology security, phish, security analyst, threat