Application Security Architect

GM Financial is the captive finance company and the wholly owned subsidiary of General Motors and is headquartered in Fort Worth, Texas. The company is a global provider of auto finance solutions, with operations in North America, Europe, Latin America and China.

The Application Security Architect is responsible for designing and maintaining a secure development life cycle for General Motors Financial to assure that information created, acquired or maintained by GMF is used in accordance with it?s intended purpose. Additionally, the secure development life cycle will comply with all statutory and regulatory requirements for information access, security and privacy. Key responsibilities will include engaging in the initial requirements definition by analyzing threats and risks, facilitating security reviews to identity vulnerabilities, and testing security requirements. Analysis of threats and risks should consider malware analysis and protocol analysis. This position will work with application teams and IT groups by providing information on security practices, risk assessments and supporting incident response in the investigation of incidents. This employee has contact with other GMF departments and will assist in articulating and implementing the information security strategy.

* Work with IT departments, IT Architects, data custodians and governance groups to develop and update GMF security policies, standards and procedures for secure application architecture. * Assist security management in creating, reviewing and updating the Information Security strategy on a periodic basis. * Recommend and implement changes in security policies and practices in accordance with changes in privacy law or financial sector security practices. * Initiates, facilitates and promotes activities to create information security awareness within the organization. * Coordinates the development and delivery of an education and training program on information security and privacy for employees, contractors and other authorized users. * Manage the efforts to conduct information security control assessments for systems which store customer information whether hosted internally or cloud based. * Assess and communication security risks associated with development practices in place at the company. * Provides input to engineers for additional configuration of application firewalls via IT project management and change management. * Provides function/business requirements for security solutions/initiatives and identified areas to improve GM Financial?s security posture. * Advise and drive the security maturity of the development lifecycle. * Monitor adherence to standards in architecture, application design, development, and testing frameworks. * Acts as a mentor providing guidance to all team members on security issues. **Other Important Duties** * Perform other duties as assigned.

**Knowledge** * Must have knowledge and stay up to date on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities. * Actively partner with infrastructure, application and other stakeholders to ensure deployed solutions minimize security and privacy risks. * In depth, hands-on understanding in application architectures and technology including web applications, mobile technology, identity and access management. * Familiarity with security hacking tools and techniques. **Skills** * .NET * Low level programming languages * Web 2.0 technology * Mobile technology * Strong analytical skills. * Excellent verbal communication skills. * Strong interpersonal skills. * Ability to meet time sensitive deadlines required. * Ability to work collaboratively and build consensus is essential. * Ability to make sound decisions and exercise good judgment pertaining to operating procedures and projects. * Ability to manage business and technical relationships with internal and external clients. **Experience** * Bachelor's degree in Information Technology, Information Security, Information Assurance, Information Management or equivalent experience. * Certification in one or more IT Security disciplines or equivalent experience. CISSP or CISM is preferred. * Strong knowledge of software development/deployment methodologies in web/mobile based environments. * Knowledge of software security for web and mobile applications. * Experience with the financial industry and regulations is preferred. * Experience with firewalls, IDS, log management and troubleshoot network devices. * Possesses knowledge in various information security areas, such as: Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT architecture, Monitoring, Incident Response and Security Strategy. * 7 years of experience in Information Technology or Information Security as a Security Architect or Application Architect with Security knowledge and skill. **Work Conditions** * Normal Office Environment; subject to stressful situations. * Travel: approximately 5%