Information Security Architect

Formal Education

Diploma / Bachelor’s degree in Computer Science, Information Systems, Information Security, or related discipline from an accredited tertiary institution

Experience

●

At least five (5) years’ demonstratable experience/knowledge of Information Security / Cybersecurity

●

Experience advising customers on architectures meeting industry standards such as PCI DSS, ISO 27001, CIS Standards, HIPAA, and NIST/DoD frameworks.

Technical/Legal Certification

●

Relevant IT Security certification such as COBIT, CISSP, CISM, CISA, CGEIT, TOGAF, SABSA and any other Governance related qualification.

Responsibilities

• Act as security specialist utilising current information security technology disciplines and industry standards
• to ensure confidentiality, integrity, and availability of information assets.
• Security requirements management by definition and linking of security mechanisms to functional requirements
• Develop reference security architectures and frameworks (including requirements, design patterns, and other artefacts) for use throughout the Department.
• Develop security strategies and develop guidance documentation that drive the strategy.
• Evaluate new and emerging security technologies for potential suitability in the Department's environment.
• Development of security policies, security standards, and risk governance processes.
• Participate in the governance process to influence projects to adhere to industry standards, and all relevant security policies.
• Develop and foster relationships with technical teams and business partners in order to create an integrated approach that provides data integrity, information confidentiality, and service availability.
• Partner with Application Delivery, Compliance, Audit, Engineering, and Information Security to ensure that the Information Security Principles are embedded into new initiatives.
• Participate in IT security audit activities both internal and external, ensuring compliance to national regulations, POPI, Data Privacy standards and Payment Card Industry standards.
• Detailed attack modelling and security mechanism specification for hardware and software blocks.
• Advising and training the team on design, implementation and test of software security mechanisms.
• Root cause analysis of security defects
• Design, build and implement enterprise-class security systems for a production environment.
• Align standards, frameworks and security with overall business and technology strategy.
  • Identify and communicate current and emerging security threats.
  • Design security architecture elements to mitigate threats as they emerge
  • Create solutions that balance business requirements with information and cyber security requirements
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
  • Develop project timelines for ongoing system upgrades.
  • Prompt response to all security incidents and provide thorough post-event analysis
  • Establish disaster recovery and business continuity procedures.