The Corporate Systems Security Architect is responsible for working across the IT project portfolio to design, build and test secure applications and the supporting IT systems with a specific focus on Corporate Systems such as ERP / Finance Systems, HR systems and Order Management Systems.
The role is responsible for reviewing project High Level Designs and Low Level Designs and working with technical teams to ensure solutions are secure. The Corporate Systems Security Architect will follow documented reference architectures and finalize security designs for new applications, integrations and supporting infrastructure. This is done in collaboration with the Enterprise Security Architect and Security Engineering teams.
- Design and maintain information security architecture standards, principles, requirements and guidelines
- Maintain information security methodology (including asset analysis, threat analysis, risk analysis, business impact analysis)
- Perform required information security analyses (including asset, risk, business impact etc.)
- Design and maintain security-related project templates
- Define requirements for project-related security controls
- Define and maintain a project-related security self-assessment
- Closely cooperate with the rest of architecting/project teams
- A bachelor's degree in Computer Science, Engineering, Information Security, or equivalent work experience
- 5+ years of relevant professional experience (Agile development, IT Corporate Systems Security, IT Security Applications)
- Knowledge of industry regulations and requirements such as ISO27001, NIST, PCI-DSS, Sarbanes-Oxley (SOX) and other industry standards
- Experience in planning, researching and designing corporate systems security architectures
- Knowledge of how to perform vulnerability testing and security assessments
- Experience in researching security systems and authentication protocols
- Expertise in developing security requirements for enterprise systems, security requirements for middleware systems and platforms, security requirements for cloud components like VMs, microservices, serverless functions
- Knowledge of reviewing and approving installation of corporate systems components (servers, storage, network equipment, microservices) in cloud and on premises
- TOGAF / SABSA, CISSP, CCSK or CCSP, CEH (preferred)
- Good interpersonal skills; collaborative negotiation will be necessary with both internal associates and suppliers
- Experience in identifying integration issues and estimating costs
- Experience in approving security policies
- Experience providing technical supervision to security teams
- English language skills (spoken and written)