Business Information Security Architect - Cyber Security

Job Description:

Position Overview

The primary responsibility of the Business Information Security Architect - Cyber Security is to serve as the primary point of contact between the information security function and the assigned business unit and/or Information Technologies department. The role will provide guidance during design, review vendor products (TRA), liaison for the business unit, and overseeing the transfer into production.

All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.'s policies, practices, and procedures. All Las Vegas Sands Corp. Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company's standards, work requirements and rules of conduct.

Essential Duties & Responsibilities

• Communication skills: To communicate with all stakeholders such as software engineers, management, business units and vendors, the individual must convey technical language to other stakeholders often in non-technical terms.

• Identifying, testing and managing risk: They must identify and evaluate the risk to eliminate or mitigate risk in system or network.

• Knowledge of software development process and technical skills: Business Information Security Architect must know the technical aspects of projects to identify risks, propose immediate solutions and provide guidance for the application and system solutions during design and/or established architecture diagrams.

• Support development of cyber security requirements for software or applications.

• Ensure that all cybersecurity requirements have been met prior to production release.

• Proven experience as software architect, with a good understanding of cybersecurity functions

• Actively seek ways to improve business software processes and interactions.

• Perform security architecture design reviews of our products

• Interact with architecture review board to identify cyber risk in design

• Provide remediation guidance and recommendations during the Threat Risk Assessment lifecycle

• Knowledge of web service technologies, load balancer services (i.e. Nginx, Cloudflare, F5, etc.) and RESTful APIs

• Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)

• Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments

• Experience as an Application/Product Security Engineer, Architect or Developer

• Perform job duties in a safe manner.

• Attend work as scheduled on a consistent and regular basis.

• Perform other related duties as assigned.

Minimum Qualifications

• At least 21 years of age.

• Proof of authorization to work in the United States

• Bachelor's degree in Computer/ Information Science preferred or equivalent work experience.

• 4 or more years of experience in a cyber security architect role or at least 8 years related field work experience with 4 or more years of experience in a cyber security role and at least 4 years of Engineering experience. Must have a combination of 2 of the three bullet points below;

• At least 4 years of experience as an Architect

• At least 4 years of experience as an Engineer

• At least 4 years of experience in Penetration Testing, Cloud Security or Application Security

• Demonstrated experience working with technical and non-technical Team Members

• Basic knowledge of a broad range of IT Security, Controls and Service Delivery standards and frameworks for example, International Standards Organization (ISO) 27001, IT Infrastructure Library (ITIL), Control Objectives for IT (CoBIT), and Capability Maturity Model Integration (CMMI).

• Professional program certification in cybersecurity such as ISC2 CISSP, ISACA CRISC or CompTIA Security+ is recommended or working towards.

• Demonstrated knowledge of web applications, cyber security, and open-source technologies.

• Outstanding collaboration and communication skills are essential.

• Ability to execute multiple projects and tasks under tight deadlines.

• Experience working with Business Units and Information Technology teams to build secure solutions

• Strong familiarity with common vulnerabilities and attack vectors

• Provide off-hours support on an infrequent, but as needed basis. (Potential shifts may run 24/7 due to the needs of the business).

• Must be able to work varied shifts, including nights, weekends, and holidays.

Physical Requirements

Must be able to:

• Lift or carry 20 pounds, unassisted, in the performance of specific tasks, as assigned.

• Physically access assigned workspace areas with or without reasonable accommodation.

• Work remotely as necessary.

• Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, and dust.

• Utilize laptop and standard keyboard to perform essential functions of the job.