Job Description
The purpose of this role is to ensure that IT systems and projects undergoing change are secure by design, build, and implementation. The ideal candidate will play a critical role in embedding security principles throughout the project lifecycle, ensuring compliance with organizational Global Information Security policies, industry standards, and regulatory requirements. This role requires a deep understanding of security architecture, risk management, and secure development practices, as well as the ability to collaborate with cross-functional teams to deliver secure IT solutions.
Key Responsibilities
- Collaborate with project teams / squads to ensure security requirements are integrated into the planning and design phases of IT systems.
- Perform security reviews of technical designs, configurations, and implementations to identify and address cybersecurity risks.
- Conduct threat modeling and risk assessments to identify potential vulnerabilities and recommend mitigations.
- Ensure all IT changes and projects follow established security governance processes, including risk assessments and approvals.
- Collaborate with Change Advisory Boards (CAB) to ensure security considerations are addressed before changes are approved.
- Maintain documentation and knowledge base of security assessments, decisions, and actions taken during the project lifecycle.
- Act as the primary security advisor for IT projects, working closely with project managers, architects, developers, and other Global Information Security stakeholders.
- Contribute to the development and enhancement of security policies, standards, and guidelines.
Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 7+ years of experience in information security, with a focus on secure design, architecture, and implementation.
- Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST, PCI DSS, OWASP).
- Experience conducting threat modeling, risk assessments, and security reviews.
- Proficiency in secure development practices, including secure coding, encryption, and vulnerability management.
- Familiarity with IT change management processes and governance frameworks.
- Strong analytical and problem-solving skills, with the ability to assess complex technical environments.
- Excellent communication and interpersonal skills, with the ability to influence and collaborate with diverse stakeholders.
- Relevant certifications such as CISSP, CISM, CEH, or SABSA.
- Experience with cloud security (e.g., AWS, Azure, GCP) and DevSecOps practices.
- Experience working in Agile or DevOps environments.
