Pearson Senior Platform Security Architect / Manager - eCommerce in London, United Kingdom
Senior Platform Security Architect / Manager - eCommerce
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always reexamining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
Reporting to the VP, Information Technology Security, this senior thought leader role is responsible for eCommerce platform security architecture. The individual will bring a high level of technical and business acumen with an ability to build strong, trusted relationships across Pearson, Partners and Customers. They must know how to work with cross-functional, multi-location teams; becoming a trusted technology thought leader to all stakeholders while having in-depth technical knowledge and skills related to modern B2C and B2B eCommerce Platforms.
Responsibilities include but not limited to:
Security Architecture Partner for eCommerce platforms to analyze baseline security and privacy of these platforms, develop recommendations for future roadmap, and achieve commitment for improvements
Function as Pearson eCommerce Security SME, with ownership of current and future state eCommerce security strategy.
Partner with CISO colleagues, Data Privacy Office, IT and Product to oversee and govern implementation of security and privacy roadmap
Implement, iterate, and regularly populate scorecards which aggregate security KPIs
In alignment with Security Architects and Enterprise Architecture, build repeatable patterns that covered platform teams can use to guide the services they provide and consume
Perform risk assessments and review and sign-off changes in covered platforms when a material security or privacy impact is anticipated
Evaluate platform compliance against current policies and standards, planned future policies and standards
Assist with and perform spot audits of systems/products within platforms
Join operational teams during incident calls if needed to provide key security guidance
Identify emerging technologies and trends to incorporate into platform roadmaps
Build and maintain in-depth knowledge of business and security market, customers, and competitors
Maintain in-depth knowledge of the company’s products, teams, and solution architectures.
Maintain a mutually flexible work schedule to accommodate meetings with individuals in time zones all over the world.
Champion diversity, inclusion and equity while managing, mentoring, and developing a globally distributed team of engineers and/or architects, delegate responsibilities, ensure high performance, and other people management tasks
Work remotely for the duration of 2020, but return to the office in conformance with reopening plans.
Specific Work Experience
The following technical skills and experience are essential:
5 years e-Commerce Security Architecture experience in a B2B and B2C Digital Environment. Must include hands on security experience of Hybris eCommerce Platform.
5 years hands on Security Architecture and Engineering experience in a mature AWS environment. With some experience of Azure and Google Cloud environments.
Security Leadership experience within a diverse Digital and Cloud environment. Ability to negotiate and obtain agreement from C-Suite Leadership.
Demonstrable experience of PCI-DSS compliance.
Experience with DevOps and Cloud development; including any Agile or Agile-like framework.
Experience of designing and implementing Security Solutions through to operation, experience of multi-supplier/multi-platform environments.
Experience in working with clients to capture requirements and formulate solutions.
A high-level knowledge of all key areas of Information Security Technology and an ability to apply them appropriately
Delivering Security Architectures/Strategies as part of a broader Enterprise or IS/IT Architecture
Interpreting and applying appropriate Standards, Policies and Legislation, e.g. PCI-DSS, DPA, GDPR, HMG SPF, NIST, NCSC, ISO27001, FFIEC, SOX, etc.
Understanding of Threat Intelligence and Risk analysis methodologies/techniques and the interpretation/application of their output in the definition of Security Architectures
Understands the importance of total customer care and is able to demonstrate the ability to build long-term business relationships. Has the ability to manage customer expectations in addition to ensuring that a high level of service is delivered.
Able to demonstrate excellent communication skills and influence in achieving the right outcomes.
Open, clear and assertive, although able to build effective long-term relationships.
Able to build effective relationships at all levels of the organisation and to play an active part in the achievement of shared solutions and results. Leadership of assigned team members to ensure any work done is performed to defined standards.
Critically evaluates all available options and effectively executes conclusion to achieve desired result, working either independently or as part of a wider team.
Self-Motivated And Resilient
Demonstrates a high level of energy, enthusiasm and tenacity to achieve positive results. Is a self-starter, overcomes obstacles and is driven to succeed. Works well under pressure and deadlines.
Planning & Organisation
Applies a resourceful approach to work, using time management skills and prioritising a complex workload. Structured and methodical, yet additionally able to adapt style to maximise the achievement of a positive result.
Two or more of the following certifications/qualifications would be preferred.
MSc in Cyber Security or related subject plus ( ) relevant industry experiences
CEH / CISSP / CISM / AWS Architecture Certifications
CCP Security Architecture at Senior Level
Colorado-based individuals expressing interest in this position can expect a starting salary range of $140,000-$170,000.00, and are eligible to participate in an annual incentive plan.
Benefits available to eligible employees can be seen at: https://pearsonbenefitsus.com/
Primary Location: US-NC-Durham
Other Locations US-RE-Remote, GB-GB-London
Work Locations: US-NC-Durham-5425 Page Churchill 5425 Page Road Durham 27703
Organization: Technology & Operations
Employee Status: Regular Employee
Job Type: Standard
Shift: Day Job
Job Posting: Jan 7, 2021
Job Unposting: Ongoing
Schedule: Full-time Regular
Req ID: 2010103
Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.