Job Description
You will join security team to develop Cyber capabilities in securing IT system changes against threats, reduce security vulnerabilities, influence senior management, and project leaders, in ensuring solution requirements meets the security objectives, and further the Groupโs pursuit of business opportunities
Responsibilities:
- Providing Security Architecture consultancy style subjectmatter expertise. Includeshanding difficult conversations and influencing colleagues in realising the need for security
- Delivering the conceptual and logical security design abstractions to identify threats and vulnerabilities as part of the solution Security Architecture
- Analysing systems, applications and system components to identify risks and propose mitigating security controls and countermeasures.
- Manage significant architectural decisions involving senior management, sponsors and projects to ensure secure outcomes and appropriate governance practices.
- Leveraging and updating existing control reference patterns. Proactively managing risk and assurance requirements, developing new design artefacts to outline integration approaches, use-cases, re-use,and technical referencefor Enterprise securitycapabilities
- Coaching and mentoringothers in the practical application of security and risk management concepts, principles and strategies, and relevant industry standards
- Commit and execute on timely, high quality security output to support Projectsโ and stakeholdersโ motivations, resulting in the favourable management of Cyber risks
- Improve design & architectural efficiencies through leveraging and/or establishing processes, guidelines, methodologies and approaches.
Requirements:
Must have
- 7+ years Security Architecture experience with focus on Cyber Assurance control domain or 10+ years Solution Architecture experience with significant exposure in the Cyber Assurancespace
- Strong English communication skills (both verbal & written), especially in the global software development environment
- Threat lifecycle management; security log & event management (SIEM); user & system behaviour (UEBA);security orchestration& automation (SOAR); security incidentresponse; contextual securitycorrelation; cloud security models (IaaS; PaaD; SaaS)
- Good technical understanding of other technology domains, namely identity & access management, data protection, vulnerability management, database security, application security, network security and DevSecOps
- Degree in ComputerScience / information systems or equivalent technical qualification
Nice to have
- Awareness of the Product/Vendor marketwith the abilityto execute on industry trendsand good practices
- Security Certifications (e.g., CISSP, SABSA etc) wouldbe beneficial
- Adaptable to various risk & securitymanagement frameworks