At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.
If you believe in developing a better tomorrow, read on.
About the Role
The role will be responsible for the security architecture in a field of responsibility (i.e. IT applications, IT infrastructure, digital workplace, or cloud solutions), design and develop IT security solutions meeting business needs while mitigating cyber risks.
In close collaboration with our Enterprise Architecture, IT Risk & Security, and Group Information Security teams, you contribute to the development of the company's IT security architecture and cyber defense capabilities.
The post holder would typically drive beneficial security change through the development and review of enterprise architectures designs to ensure they meet and support the business requirements. This entails ensuring appropriate and proportionate mitigations to risks that support safe and secure operations without hindering the needs of the business.
Job Responsibilities
- Works with the Enterprise Architect and Group Security Enterprise Architect, takes the Business security requirements and responsible in the development of an Enterprise Security Architecture incorporating hosting, infrastructure applications and cloud-based solutions laying out a set of security design principles, and a set of security functions and mechanisms to implement the security controls needed to achieve stated security objectives.
- Interprets relevant security policies and threat/risk profiles into secure architectural solutions that mitigate the risks and conform to regulations and relate to business needs.
- Determines security requirements by evaluating business strategies and requirements evaluate/develop/continuous review/improve existing information security standards/process conducting system security and vulnerability analyses and risk assessments structure the security requirement of all platform architecture identifying integration issues preparing cost estimates.
- Applies common architectural frameworks (e.g.TOGAF, SABSA).
- Presents security architecture solutions as a view within broader IT architecture.
- Devises standard solutions that address requirements delivering specific security functionality whether for a business solution or for a product.
- Maintains awareness of the security advantages and vulnerabilities of common products and technologies.
- Designs robust and fault-tolerant security mechanisms and components appropriate to the perceived risks.
- Develops and implements appropriate methodologies, templates, patterns and frameworks. Implements and updates secure systems, products and components using an appropriate methodology.
- Defines and/or implements secure development standards and practices including, where relevant, formal methods.
- Defines and/or implements appropriate secure change and fault management processes.
- Verifies that a developed component, product or system meets its security criteria (requirements and/or policy, standards and procedures).
- Specifies and/or implements processes that maintain the required level of security of a component, product, or system through its lifecycle.
- Manages a system or component through a formal security assessment.
- Performs other responsibilities and duties periodically assigned by supervisor in order to meet operational and/or other requirements.
Job Requirements
- Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability
- Solid understanding of security protocols, cryptography, authentication, authorisation and security
- Good working knowledge of current IT risks and experience implementing security solutions
- Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
- Ability to interact with a broad cross-section of personnel to explain and enforce security measures
- Excellent written and verbal communication skills as well as business acumen and a commercial outlook
