The Technology Platforms & Engineering (TPE) entity of Amadeus provides the core platforms that supports all Amadeus products developed by the customer units:
- Develop, innovate & maintain technology platforms that achieve high agility, stability & performance
- Improve developer productivity through automated integration and deployment capabilities
- Accelerate new releases & provide guidance to customer units on how to improve operational performance of existing solutions
- Inside TPE, the Architecture and Technical Governance Division (ATG) provides Platform Security, Privacy and Compliance Architecture, and, in addition:
- Enforces full transparency in technical decision making, enable agility, stability and design-to-cost culture in TPE via a thorough technology evolution, standardization and governance
- Grows the technical abilities of the organization by fostering internal and external communication, by developing the technical path within TPE & Amadeus and by enabling technical talents acquisition/retention
ATG scope covers the 4 following areas:
- Platforms Architecture
- Platforms Security Architecture
- Technology Strategy & Roadmap
- Technology & Architecture Lifecycle and Governance
The Platform Security, Privacy and Compliance Architect focuses on the security aspects of the platform, making sure that the technology, architecture and design choices are compliant with the security requirements.
He/she focuses on the Security, Compliance and Privacy Architecture according to the requirements defined by the Amadeus Chief Information and Security Officer (CISO), Chief Operation Officer (COO) - Security, and the Data Protection Officer (DPO). The Architecture is then translated into technical designs and passed on for implementation.
He/ she works in the team of the Chief Technology Officer and ensures Security, Privacy and Compliance needs are fully covered in the target Architecture and the technical roadmap.
The Platform Security, Privacy and Compliance Architect is able to audit architecture and design against Security and Privacy Requirements and Standards, and ensures external Audits and certifications can be achieved and maintained in collaboration with the CISO Office.
He/ she shall engage, evangelize and consult with Development and TPE teams in order to guide through the most secure architecture which fits the purpose.
He/ she contributes to the architecture and design where architecture changes are required in order to fulfil Security, Privacy or Compliance requirements.
He/ she shall support risk analysis associated to specific technical architecture/ designs. He/ she shall hold constant knowledge on Security, Privacy and Compliance Technology industry trends and how they translate into architecture standards in TPE.
Responsible for the Security Architecture of the platforms, she/he will ensure internal and external consistency and communicate regularly on evolution and changes. Contributes to technical advices to management for a future oriented strategic architectural direction.
Great logic and problem-solving skills and good security instincts.
- Assess and propose architecture security, privacy and compliance measures (effectiveness, appropriateness and costs) together with the responsible system, network and application specialists, software development, design and SRE teams for the TPE Platforms (IaaS, PaaS and SaaS as well as Middleware)
- Ensure Security and Privacy certifications can be attained and maintained successfully (e.g. PCI-DSS)
- Define and maintain security and privacy architectural principles and guidelines for operations and product development
- Determine the architecture's integration strategy. Translate / map implemented security and privacy policies, standards, procedures and measures into architecture and design principles
- Provide security architecture consultancy and training for Amadeus technical groups and projects
- Support / initiate risk analysis associated to specific technical architecture / designs and support risk mitigation initiatives
- Provide guidance and support to design, engineering and operations teams implementing the security and privacy architecture
- Understand the major global best practices/trends to contribute to the definition of the TPE technical strategy and target architecture.
- Lead studies and provide recommendations that ensure the technical feasibility and business sense of the TPE technical strategy.
- Continuously assess and propose improvement of existing security and privacy architecture in order to align with the industry best practices
- Work closely with the TPE and Development teams involved in the build and run of our software and architecture to homogenize the process and procedures, to enforce platforms and disciplines (N/W, S/W, System) convergence, security, privacy and compliance fulfillment, identify the pain points/future risks and propose architecture security solutions for them.
- Identify and analyze the major market best practices/trends to contribute to the definition of the TPE technical strategy and roadmap. Interact with/influence solution providers.
Profil recherché :
- Post-graduate university degree in IT/CS or equivalent experience
- Fluent English. German, French a plus
Relevant work experience
- 10-year experienced in Security field
- Hands on development experience on new technologies like cloud, soa - micro services etc - is a plus
- Any security certifications - Cybersecurity, ISO, PCI-DSS... is a plus
- Any published papers/articles is a plus