Information Security Architect at Boardroom Appointments

Key purpose:

• As a recognized Information and Cyber Security authority the Information Security Architect collaborates on Information Security standards & controls and creates robust security architectures in support thereof and leads the realization of the security architecture into the target environments to secure the enterprises information assets. Extensive subject matter knowledge of Information Security and Cyber Security is essential.

Duties and responsibilities:

• Create information security architectures and designs to secure enterprise information assets in line with architecture standards.
• Serve as the primary Information Security architecture authority for all project and operational stakeholders, and ensure secure architecture across all solutions and technology landscapes.
• Lead the creation of Information Security architecture and design patterns and standards, and contribute to SDLC governance standards as required to secure the enterprises information assets.
• Develop and maintain an understanding of the business strategy, business priorities and the overall enterprise Information Security Management System (ISMS).
• Develop Company Information Security roadmap and blueprints in line with the strategic business direction.
• Determine security requirements by evaluating business strategies and requirements, researching Information Security standards and technologies, evaluating network and security technologies, collaborating on security and vulnerability analyses and risk assessments of on-premise, cloud and 3rd party hosted environments, and monitoring changes in laws, regulations (e.g PCI DSS, POPI, etc).
• Translate security requirements into effective Information Security architectures and designs to secure enterprise information assets in line with the requirements.
• Engage all stakeholders to obtain agreement on proposed information security solutions and work closely with business stakeholders, IT Compliance, IT Security operations, Business Analysts, Developers, Testers and Project Managers to architect and implement information security solutions.
• Create business, data, application and technology architectures and designs using the appropriate modelling techniques and methodologies for Information Security in the enterprise architecture repository in line with architecture principles.
• Keep abreast of the latest Information and Cyber Security trends and emerging technologies, identify and analyze architecture best practices, determine the potential impact on the enterprise, and drive adoption as deemed appropriate.
• Be clearly identified as the senior design authority as it relates to Information and Cyber Security and provide technical guidance and leadership in solution proposals, RFIs, RFPs, and project teams.
• Partner with the Enterprise Architect and other Solution Architects in support of the definition and development of the overall retail solution landscape.
• Detect critical Information and Cyber Security deficiencies in solution architectures and recommend improvements.
• Work with Project Managers, IT Team Leaders, and external service providers to drive projects to successful implementation.
• Review external and internal designs of solutions and technologies from an Information and Cyber Security risk perspective.
• Ensure applicable Architecture and Design reviews are conducted in line with Information and Cyber Security requirements and the defined IT governance and processes.
• Provide architectural oversight and guidance to development teams to ensure secure solutions during the detailed design, build, test and deploy phases that conform to architecture principles and standards.
• Provide input into Information Security standards, policies, and procedures for emerging threats.
• Maintain and manage Information and Cyber Security related architecture artefacts in the Enterprise Architecture repository and ensure that the content is effectively organized and controlled so as to maintain architectural consistency.
• Contribute to the definition of a framework for Solution Architecture and the policies, procedures and templates that guide and govern Architecture processes.
• Contribute to the development of architecture principles and compliance criteria to guide technology decisions.
• Contribute to the development of solution modelling standards and guidelines.

Qualifications and experience:

• Degree in Information Systems / B Sc. Comp. Science (or similar)
• Working experience within the IT industry - 10 yrs
• Leadership role in an IT Security environment - 5 yrs
• Experience with IT projects from a Security architecture and design perspective (SDLC) - 5+ yrs
• Hands-on experience with cloud applications, infrastructures and public cloud providers (AWS - required, Azure - required, GCP - desirable) - 2-3 yrs
• Knowledge of various architecture frameworks including TOGAF and Zachman frameworks (TOGAF certification would be a distinct advantage) - 2-3 yrs
• Demonstrable knowledge of Security Architectures and familiarity with various architecture viewpoints (business, applications, data, and technology architectures) is required - 2-3 yrs
• Extensive experience in Information Security and/or IT risk management with a focus on security, performance and reliability - 5+ yrs
• Solid understanding of common security services and implementations including security protocols, cryptography, authentication, authorisation, network security intrusion and exfiltration prevention tools - 5+ yrs
• Experience implementing multi-factor authentication, single sign-on, identity management or related technologies - 5+ yrs
• Experience in Information Security regulatory frameworks eg. PCI DSS, POPI, GDPR - 5 + yrs
• Experience in relevant National Institute of Standards and Technology (NIST) standards - 5 yrs
• Experience in ISO27001/2 Framework specifications for a framework of policies and procedures that include all physical and technical controls involved in an organizations risk management - 5 yrs
• Experience in implementing, using and administering EA tools and EA meta-model definition (ARIS Preferable/ or Sparx Enterprise Architect) - 3+ yrs
• Experience in developing and implementing IT architecture plans, Enterprise Information Architecture standard and guidelines, software development methodologies and strategic plans - 3+ yrs
• Mentoring others to improve skills - 3+ yrs
• Strong leadership skills to indirectly manage across functional teams toward common solutions - 3+ yrs
• Strong facilitation skills to engage subject matter experts to define data requirements and conduct data modelling design reviews with project teams - 3+ yrs
• Retail industry experience with an understanding of retail business processes and the information and data requirements of these processes - 5+ yrs