The IT Security Architect is responsible for providing risk assessment and security architecture support, project security governance and guidance to IT for production platforms, new system implementations and system change initiatives. The person will be responsible for participating in the creation of an end-to-end approach to the reduction of risk across the systems environment and will be a key stakeholder in defining and implementing security architectures and designs through consultation with IT operations and project teams.
The IT Security Architect will be responsible for ensuring security standards are aligned to Information Security Policies and industry best practise, and constantly updated as the landscape changes. Responsible for defining security requirements for projects and overall security project governance
- Conduct risk assessments and evaluation of IT systems and their ability to meet system and security requirements, recommending mitigating controls for identified limitations and risks
- Work closely with IT stakeholders to ensure security requirements are effectively addressed in all phases of project lifecycles
- Review and contribute to the definition of functional and non-functional business requirements and translate these into clearly articulated architectural requirements in the context of the required solution
- Evaluate as-is and to-be IT security risks and controls including leveraging industry standards and practices for designing the future state solutions.
- Participate in defining and maintenance of enterprise and application security controls, and standards for production systems
- Assisting in identifying and assessing risk as part of the overall IT Risk Management process
- Evaluate and select various technologies for suitable inclusion in IT solution designs
- Develop proposals and business cases for enhancement of IT solution architectures, including various views of solution architectures
- Participates in the discovery, documentation and refinement of business requirements to ensure alignment with technically viable solution designs.
- Participates in technical incident management and troubleshooting as needed
Required Skills and Competencies
- BSc or MSc in Computer Science, Information Security or equivalent experience
- Minimum 5+ years’ experience in IT Security architecture
- Deep understanding of the role of IT Security in IT risk management and controls
- Deep understanding of the role of IT Security software engineering and application development methodologies in a complex multi-project environment.
- Proven experience based on ability to design and develop IT Security architectures for complex multi-component systems
- Demonstrated experience in developing conceptual, logical and physical IT security architecture deliverables.
- Ability to research alternatives, make recommendations and influence decisions based risk reduction.
- Ability to work collaboratively with individuals within both the technical community and senior leadership.
- CISSP, CISM, CISA or other industry security certifications highly beneficial
- Ability to communicate complex technical ideas in a simple way to non-specialist audiences
- Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment
- Ability to adapt to a fast-moving IT landscape and keep pace with latest thinking and new security technologies with a passion for technology and IT security
- Strong stakeholder focus – able to meet the demands of internal and external customers
Key Performance Indicators
- Projects implemented are secured to industry best practise – evidenced via clean penetration tests, vulnerability assessments and IS audits
- Promote security awareness & provide security governance in the project life cycle
- Awareness – knowledge of policies, standards and procedures (surveys and tests)
- Input into Enterprise Security Strategy
- Risk Management – Number of incidents reported, amount of loss incurred, number of situations managed