Senior Application Security Architect

About

In this existing role you will be reporting to the Cybersecurity Manager, the Sr. Application Security Architect is responsible for establishing, communicating, and enforcing the standards for application security, including software development standards, developing security standards, implementing architectural principles and working with enterprise architects to ensure adherence to Rexall security standards and industrial best practice.

Responsibilities

• Manage and lead Rexall Secure Development Lifecycle (SDLC) process and practice
• Work with enterprise architects and software development team to develop and implement secure software development framework
• Develop application security standards and SOPs that comply with McKesson Security Policies, industry best practices and meet all appropriate legal and regulatory compliance standards
• Research security solutions and options for various Cloud application hosting platforms
• Develop and maintain Enterprise Architecture Security Reference framework
• Develop catalogue of standard secure architectures for different deployment types, including web application, mobile applications, cloud-based applications, SaaS, PaaS offering, etc.
• Liaise with Enterprise and Software Architects and integration teams to ensure that all applications are implemented with appropriate adherence to security standards.
• Manage application risk assessment
• Recommend appropriate solutions, components and development frameworks for new systems
• Incumbent will be the primary contact point representing Security for teams developing any new applications
• Participate in the review and approval of new systems implementation or development from the security perspective.
• Coordinate application penetration testing for all new and existing applications
• Manage Web Application Firewall and response to security incident involving application security
• Manage Static and Dynamic scan platform and schedule
• Work with internal and external resources to remediate application vulnerabilities found by code scan or from other channels.
• Work with internal and external auditors to provide evidence for audits and to remediate any gaps relative to application architecture and implementation
• Work in a cooperative manner with the IT Organization
• Perform other duties as assigned to support Rexall Pharmacy Group Ltd.

Qualifications

• Minimum 10+ years of working experience in IT combined with bachelor’s degree in Computer Science
• Hands‑on programming experience in software development in common programming environments including .NET, PHP, Java, Python
• Experience with Secure SDLC, DevOps, Microservices and integrated digital solutions
• Deep knowledge of application authentication and encryption including key management, IAM, OAUTH and SAML
• Experience with secure web application and mobile application development
• Experience with application penetration testing
• Experience with static code scanning tools and dynamic scanning
• Experience with secure coding and secure software development lifecycle paradigms defined in OWASP, ISO27001 and/or NIST frameworks
• Experience with PCI DSS compliance and the relevant requirements for application and system architecture.
• Experience with best practices for security controls, solutions and architectures for common cloud platforms such as Azure, AWS and Office365
• Experience with HIPA/PHIPA compliance regulations and practical ways of ensuring compliance with information privacy requirements
• Relevant experience in auditing based on PCI DSS and ISO 27001 information security framework is an asset.
• Strong interpersonal skills; highly motivated and directed.
• Excellent communication skills, both written and verbal.
• Strong customer service orientation.
• Experience working in a team-oriented, collaborative environment.
• Strong organization and time management skills
• Demonstrated experience in an audit role

Rexall Pharmacy Group is committed to providing an accessible environment for all of our customers, employees, and job applicants. Rexall Pharmacy Group will make available to any selected applicants’ accommodations and/or accessible formats should they require. Candidates are encouraged to discuss any accommodation they may need in order to allow for the most effective selection process.