Information Security Architect

Summary

Join AbbVie's Business Technology Solutions (BTS) team as an Information Security Architect and contribute to the digital transformation of a leading biopharma company. This remote position, based anywhere in the U.S., involves shaping the organization's security strategy, architecture, and practices. You will develop and maintain the threat modeling program, conduct threat modeling assessments, build a team of threat modelers, and integrate advanced security technologies. Collaboration with senior leaders and stakeholders is crucial, along with staying updated on security trends. The role also includes educating stakeholders on security best practices and working with various teams to integrate security considerations into operational processes.

Requirements

• Bachelor’s Degree and 8 years’ experience OR Master’s Degree and 7 years’ experience OR PhD and 3 years’ experience
• Advanced knowledge and application of cybersecurity terminology and concepts, and foundational understanding of the cyber threat landscape and attack vectors
• Demonstrated proficiency with security controls and concepts
• Demonstrated experience and abilities implementing threat models at the enterprise level
• Experience building out a program, preferably specific to threat modeling
• Advanced knowledge of security technologies, operating systems, networking protocols, and systems administration
• Ability to analyze and understand technical information
• Strong organizational skills with attention to detail
• Demonstrated ability to innovate and adapt in response to a constantly changing environment
• Advanced critical thinking, problem solving, and analytical skills
• Excellent written and verbal communication and listening skills, with the ability to effectively convey technical insights to technical and non-technical stakeholders
• Ability to work both independently without direction and within a group for day-to-day activities
• Willingness to be available, as needed, for major and critical security issues

Responsibilities

• Develop and maintain the organization's Threat Modeling program, systematically identifying components or assets, assessing threats, and establishing mitigation measures
• Create and manage a threat library using industry tools to document known threats, assess their risks, and utilize this information to guide security architecture decisions and risk assessments
• Conduct Threat Modeling assessments, identifying in-scope components or assets, potential attack vectors, and vulnerabilities within the enterprise security architecture, and recommending targeted mitigation strategies
• Build and develop a team of Threat Modelers focused on leveraging methodologies to enhance security by identifying threats and closing vulnerabilities
• Guide the integration of advanced security technologies and practices, to bolster the organization's defense mechanisms
• Collaborate with senior leaders and stakeholders across the enterprise, providing expert advice on security matters and influencing strategic decisions
• Keep abreast of the latest security trends, threats, and technologies to continuously refine and update the security architecture and practices
• Lead initiatives to foster a security-aware culture within the organization, including educating stakeholders on security good practices and risk avoidance
• Work closely with IT, compliance, and business units to ensure that security considerations are seamlessly integrated into operational processes and project lifecycles
• Evaluate and recommend appropriate security controls across a diverse and complex infrastructure landscape, including on-premises, cloud, and various X as a Service models
• Identify and communicate current and emerging security threats and help design security architecture elements to mitigate threats as they emerge
• Support training of more junior employees as well as employees outside the Information Security Team, as needed

Preferred Qualifications

A sincere desire to learn, grow, and go beyond personal capabilities, staying abreast of the latest developments in the cybersecurity landscape

Benefits

• Paid time off (vacation, holidays, sick)
• Medical/dental/vision insurance
• 401(k)
• Short-term incentive programs
• Long-term incentive programs
• Remote work