Lead System Security Architect

Responsibilities

Directly support the CISO.

Lead and manage GRC personnel as required.

Develop, review and implement security architectures and frameworks for IT systems, networks, applications and OT.

Evaluate or prepare security requirements proposed for project or tender submissions.

Develop security surveillance strategies, frameworks, and procedures.

Develop security assessment surveys and maturity measurement methods.

Identify vulnerabilities and perform security risk assessments.

Define and enforce security policies, procedures, and best practices.

Define governance and risk management procedures and methodologies.

Define security roadmaps based on business and enterprise priorities.

Evaluate and recommend security tools and technologies.

Coordinate and communicate GRC activities across the Group's subsidiaries.

Define and manage data gathering and reporting across the Group's subsidiaries.

Develop and maintain system security architecture and design standards / templates.

Maintain records of system architectural patterns and secure engineering solutions.

Work with the Security Compliance Lead to ensure all aspects of the GRC function are planned, implemented and applied effectively.

Work with the Security Risk & Compliance Manager to maintain and present a consistently accurate assessment of enterprise risk.

Work with the Cyber Security Architect / Auditor to ensure all aspects of Cyber Security Operational capability are developing appropriately and to communicate threat intel across subsidiaries as required.

Requirements

Knowledge of Threat Modelling techniques such as Mitre ATT&CK, PASTA, STRIDE and Attack Trees.

Knowledge of Enterprise Architecture Frameworks such as TOGAF, DODAF, Zachman / SABSA, Gartner EA, Archimate.

Knowledge of Standards and Control Frameworks such as NIST 800-53 Rev.5, CIS Top 18, ISO27001/2, PCI-DSS & OWASP Top Ten.

Detailed experience with hybrid and cloud architecture / system design and implementation.

In-depth knowledge of zero trust principles, network security, cloud security, cryptography, and secure software development.

Practical experience in NIST CSF and CIS Controls assessment and implementation.

Demonstrable experience delivering detailed system security design and threat modelling.

Excellent written and verbal communication skills.

At least 2 years work experience as a System Security Architect.

Previous work experience in IT architecture and infrastructure.