Manager, Security Architect
IQVIA
- São Paulo - SP
- Permanente
- Período integral
- Support IQVIA’s Zero Trust Program including design, engineering and deployment of CASB and Secure Web Gateway
- Support deployment of cloud security solutions such as CASB, SASE, CSPM, CWPP and other enterprise security platforms.
- Help drive security architecture and cloud security across the organization including researching and implementing technologies to secure IQVIA environments and solutions
- Support and help drive key IQVIA projects including leading solution design, tool evaluation and selection, proof of concept evaluations with stakeholders, operationalization and transition solutions to BAU teams.
- Serve as the engineering lead for key IQVIA projects and initiatives to test offerings, designs, and to integrate and operationalize solutions.
- Evaluate market offerings, drive Proof of Concept evaluations, and collaborate with stakeholders to identify solutions to be used in designs Support a security program focusing on cloud environments (including hybrid cloud), as well traditional on premise environments and environments acquired through M&A,
- Work with IQVIA teams to design and build centralized compute environments with a focus on Microsoft Azure and Amazon AWS CSP environments.
- Serve as part of a security team responsible for representing information security in IQVIA’s design committee. Review, assess, and threat model designs to work with IQVIA teams to improve security postures prior to build and deployment.
- Document standards, requirements and security guidance for IQVIA stakeholders to drive security with IQVIA teams.
- Work with the Information Security team to drive Security by Design and collaborate with stakeholders to shift left by integrating security early in design processes by providing guidance, clear objectives and requirements and by working with teams to threat model and identify risks associated with designs.
- Work with stakeholders to develop the improvement of the landscape of technical security safeguards, including assessment and deployment of new capabilities, technologies, and systems
- Develop secure architecture strategies for IQVIA with respect to technology domain standards and design goals
- Ensure delivery of the security architecture frameworks, design templates, standards, reference architectures and guidance materials in alignment with the IQVIA Integrated Information Security Framework (IISF)
- Research and identify emerging technology solutions that reduce costs, increase efficiencies, provide more value, provide more capabilities, reduce risks, and increase security posture
- Evaluate information security components and conduct feasibility studies for selecting appropriate and cost-effective solutions
- Engage with third-party specialist service providers and vendors where necessary to support program deliverables, including carrying out vendor and product selections and organizing necessary operational support
- 3 to 5 years of professional experience in Information Security, IT Delivery, IT Program Management or other related areas
- Experience with cloud security and cloud security platforms such as CASB, SASE, CSPM, CWPP, SaaS security, CSP (Azure and AWS) IaaS/PaaS security
- Experience with Palo Alto Prisma Cloud for Cloud Security Posture Management and Cloud Workload / Container Security
- Bachelor's degree in Business Administration, Computer Sciences or equivalent work experience in related areas is preferred
- A CISSP, CISM, CCSP or equivalent professional certificate is mandatory
- An ITIL, project management or IT architecture, such as TOGAF, CEH or GIAC or other related certificates are preferred
- Working knowledge of IT governance frameworks and standards such as CobiT, ITIL, ISO27001, NIST cybersecurity framework
- Working knowledge of IT architecture frameworks such as TOGAF and/or project management methodologies
- Working knowledge of regulatory and legal requirements frameworks related to information security for healthcare data, such as HIPAA, EU Data Protection Directive and/or equivalent regional frameworks is preferred
- Experience in information technology related positions with working knowledge of IT infrastructure, networks design, databases, processing systems, web applications, mobile technology, cloud, big data, virtualization, protocols and technologies supporting encryption, authentication, access control, information systems attack patterns, intrusion detection, and network security