Security Architect Position description
Purpose of position
Cyber Security Architects provide technical leadership and architectural guidance in Cyber Security throughout the entire project lifecycle.
The Cyber Security Architect is responsible for architecture and design of cyber security controls and capabilities within the cyber security domain. This encompasses the ownership and development of solution architectures, high and detail level designs, and risk assessment artefacts in accordance with governance processes.
Key responsibilities include developing and overseeing cyber security solution architecture artefacts for projects and business-as-usual (BAU) activities, defining high-level functional and non-functional requirements, participating in Request for Proposal (RFP) and Request for Information (RFI) processes, analysing options and technical impacts, identifying threats and controls, assessing risks, determining major components and sub-systems, and defining necessary integrations between them.
Key accountabilities
Architecture and Design
* Owning, capturing and documenting the current architecture where there are gaps, driving the development of target architecture, and developing roadmaps for security domains as required.
* Driving the identification of scope for cyber security uplift programs and BAU teams, to meet the cyber maturity and risk objectives.
* Owning and documenting cyber security non-functional requirements.
* Driving the planning, definition, and high-level design of solutions, including evaluation of alternative solutions.
* Documentation of cyber solution architectures, high level and detailed designs, including documenting cyber patterns for future re-use.
* Definition of systems, components, and their interfaces as part of end-to-end solutions.
* Adhere to technology governance process and forums including presenting solutions, alternatives, requirement alignment, risks and decisions at relevant governance forums.
* Provide technical security subject matter expert (SME) oversight throughout all phases of a project or deployment lifecycle, including scope creation, definition of requirements, review of supporting project documentation, design and implementation planning and security testing.
* Ensure architecture and design artefacts are appropriately included in Knowledge Management repositories.
* Ensure that all Cyber Security architectures and designs align to IT strategies, principles, standards, and guidelines.
Cyber Solution Advisory
* Provide cyber security SME guidance and advice on technology problems and solutions to other capabilities, projects and BAU activities across the group.
* Perform cyber security reviews of architectures and designs produced by technology domain architects and designers.
* Development of cyber security risk assessments of complex technical scenarios, including identifying threats, issues, control gaps and recommendations, and documenting risk and residual risk in alignment with the enterprise risk management framework.
* Provide cyber security input to internal published policies and standards.
* Contribute to Request for Proposal (RFP) / Request for Information (RFI) processes by providing cyber requirements, reviewing responses and advising on cyber risk.
People Leadership and Culture
* Provide leadership, mentoring and coaching to all team members (Security Designers, BAs, Project Managers, Change Managers etc.).
* Contribute input to annual performance reviews (where required and as directed by the Cyber Leadership).
* Work with program and project teams, as well as with Information and Cyber Security BAU teams, and other BAU teams within the Customer and Technology division, using both waterfall and agile delivery methods.
Position complexities
As the business develops, the position will continue to evolve and the incumbent will be expected to adopt a flexible approach to work requirements and to undertake new or alternative duties as required. This may include new technology usage, new work procedures and customer service delivery systems. Changes will involve the employee and will be supported with training.
Key challenges:
* Working with multiple stakeholders across Customer and Technology, and the broader business.
* Managing multiple stakeholders in the delivery of cyber security programs and BAU.
* Managing a diverse stakeholder group, who represent different business interests.
* Partner with peers to ensure operational risks captured on the risk register are reasonable, are assessed and that appropriate mitigation plans are established, owned, and executed.
* As the cyber security capability and platform(s) develops, the position will continue to evolve, and the incumbent will be expected to adopt a flexible approach to work requirements and to undertake new or alternative duties as required.
Stakeholder relationship management
* The role requires extensive liaison with stakeholders (Chief Information Security Officer and direct reports, cyber security operational teams, other Customer and Technology Teams, and third parties required to deliver solutions) and demands strong communication skills, and high levels of business empathy.
* The role requires extensive teamwork with other Program Managers, Project Managers, Solutions Design & Build and Release Management & Testing teams, and Technology Operations teams.
* This role will need to develop contacts with external entities to stay abreast of industry developments and best practice.
* This role is also responsible for fostering relationships with vendors, suppliers, and service providers as necessary.
Requirements
* 2+ years' experience in cyber security related roles.
* Previous experience in technology transformational program / project teams.
* Understanding of threat and risk concepts and the ability to articulate both as part of solution design.
* Ability to translate functional and non-functional requirements into appropriate security solutions.
* Pragmatic, outcomes-driven attitude.
* Outstanding interpersonal, oral, aural, and written communication skills.
* Able and prepared to think out of the box but still develop realistic solutions.
* Ability to liaise with senior technology stakeholders including Heads Of, General Managers and CxO levels.
* Presentation skills to consolidate complex technical information and visuals for management.
* Analytical and problem-solving (reasoning) skills with design thinking mindset, and attention to detail.
* Strong initiative and resilience to maintain drive in an environment that is rapidly evolving and changing.
* Proficiency in the "office toolset" (i.e., MS Word, MS PowerPoint, MS Excel, MS Project, Atlassian Confluence, MS SharePoint, MS Outlook and MS Teams).
If you're interested in the above, or know someone who would be, please apply or reach out directly on the below details:
Jamie