Position Summary

This Application Security Architect role reports into the Enterprise Information Risk and Security team to ensure the ongoing protection of the applications, systems, and data assets of Cognism. The architect will be the champion and owner of the Application Security Program. The successful candidate will lead development of information risk and security polices and standards for applications. The successful candidate will then help ensure applications are operated under continued alignment with information risk and security policies and standards, compliance policies and standards, and the organizations security risk profile. The successful candidate will also champion the policies and standards within the security teams and across the enterprise. This will be achieved by working with Chief Product Officer, Chief Technology Officer, enterprise development teams, Enterprise Architecture, Technology Operations to define an enterprise Information Security strategy and architecture, as well as to ensure that Security expectations and requirements are incorporated within the broader Information Technology Strategy and Architecture. This role is a position requiring advanced technical and organizational skills with the ability to think strategically, act tactically and advocate and influence positive transformation within the broader Information Technology organization.

Key Responsibilities

The Application Security Architect ensures the security of Enterprise applications through the following:

• Define, develop, and implement a DevSecOps approach for Cognism.
• Champion and implement a Security by Design philosophy and approach for Cognism.
• Define, develop, and lead engagement models and frameworks for technical, process, resource, and operational security considerations for solutions at all points of solution development lifecycle.
• Manage technical security consultancy, including providing design criteria, control objectives and requirements review and approval of methods, practices, tools, technologies, and capabilities for application security.
• Creates and maintains implementation standards, reference architectures, and design patterns that support information application security objectives and requirements.
• Develop and maintain threat models to incorporate into solution development process.
• Provides advice, guidance, and influence regarding security implications of design decisions including but not limited to application and system architecture, process and workflow, database design, network, and platform efforts.
• Govern and oversee design and scope of all Security Operations initiatives in support of Applications.
• Work with corporate project management to maintain velocity of all Security initiatives.
• Disseminate Enterprise technical strategy within Security teams; incorporate guidance into solutions.
• Liaise with research and development throughout the enterprise as required.
• Other duties as assigned.

Competencies

Communicates With Impact: Presents information and ideas in a thoughtful and compelling manner. Is clear and concise in verbal and written communications. Shares information freely and speaks openly and honestly. Seeks to understand the perspectives of others.

Drives and Delivers Results: Sets clear priorities, takes action, stays focused, and overcomes barriers to deliver expected results.

Solves Problems and Makes Good Decisions: Evaluates critical information needed to understand problems, determine probable causes, and develop workable solutions. Accurately assesses the costs, benefits, and risks associated with alternative courses of action and makes high quality and timely decisions.

Leads Change: Sees emerging patterns and opportunities. Adapts quickly and easily to new information, changing conditions or unexpected events. Facilitates and communicates change across the team or organization to drive adoption.

Lives Our Values: Behaves in a way that consistently demonstrates commitment to Cognism values. Our people:

• Are Nice!
• Are Collaborative. We’re in this together!
• Are Solution-Focused. For every problem, we’ve got a solution!
• Are Understanding.
• Celebrate Individual Contributors.

Information Security and Compliance: Demonstrates understanding of COGNISM security policies, standards, procedures, and external regulatory and customer requirements. Maintains a strong working knowledge of risk and security related concepts, technologies, industry leading practices. Assures confidentiality, integrity, and availability of COGNISM business process and supporting information infrastructure and data when appropriate. Demonstrates the skills, knowledge, and ability to ensure a risk-based approach to security is being consistently applied.

Collaborates Effectively – Partners with internal customers, stakeholders, and interested parties to ensure positive outcomes and experiences. Ensures security is viewed as a valued asset by internal customers and stakeholders.

Shapes the Future: Recognizes trends and their impact on the business. Accurately forecasts opportunities and obstacles, clearly defines a future state, sets the direction, and lead others toward the goal. Communicates the purpose and strategy in a way that inspires people to embrace it and make it their own.

Builds and Enables Great Teams: Attracts and selects strong talent. Provides guidance, feedback, coaching, and development to help people succeed and grow. Recognizes and rewards exceptional performance.

Education, Experience, Abilities

• Master’s degree in a field related to Information Technology (or equivalent experience), preferred.
• 10+ Years of Experience in a Security Engineering / Security Architecture leadership position
• Advisory consulting background – preferably to software, technology, and/or healthcare organization
• Experience implementing security programs incorporating regulatory privacy and security requirements including US and European Union Data Privacy and Security Directives.
• Familiarity with Information Technology Governance and Architecture standards including but not limited to ITIL, ISO 2700x, TOGAF, SPRING, STRUTS, ESAPI and NIST
• Familiarity with security industry information and intelligence resources including OWASP, SANS, IEEE, IETF
• Experience in the following products and services: Amazon AWS, Crowdstrike, Sonar Cloud, Static Analysis and Dynamic Analysis solutions (e.g. SNYK), Penetration Testing services, Web Application Firewalls, API Gateways, Customer Identity and Access Management (e.g. Okta, Auth0)
• Experience in developing and implementing application security capabilities for multiple operating models such as Containers, Infrastructure as Code, Infrastructure as a Service, Platform as a Service and Software as a Service
• Experience in developing and implementing Application Security capabilities, methods, and procedures in support of Continuous Integration and Continuous Development environments.
• Experience in developing and implementing security solution architecture and design diagrams, documentation, and supporting materials.
• Define, develop, implement, and continuously improve application security risk assessment methods, processes, practices and techniques.
• Works with a sense of urgency while remaining calm under pressure.
• Demonstrated ability to show initiative to drive progress and improvement.
• Proven ability to develop consensus and collaborate with team members and management.
• Superior written and verbal communication skills for a wide range of audience.
• Ability to work well independently and in a team environment.
• Ability to handle multiple tasks, prioritize and meet deadlines.
• Travel Requirements: up to 30%.
• Proficient with JIRA, Confluence, Microsoft Office Suite (Word, Excel, Power Point).
• Professional with ability to properly handle confidential information.
• Ability to work within a matrix organization.
• Must have ability to positively handle/manage stress, such as high work volume and frequent change.
• Must have flexibility and willingness to participate in the work processes of an international organization, including conference calls scheduled to accommodate global time zones.

Industry Certifications (Must be able to obtain and maintain one or more within six months if not currently certified):

• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Certified in Risk and Information Systems and Control (CRISC)
• Information Systems Security Architecture Professional (ISSAP)
• AWS Certified Security Specialty