The Information Security Architect will work across information security and risk management and with all information technology functions to ensure public and private cloud infrastructures are designed and implemented as per defined policies, standards and industry good practices. The successful candidate will be a strong communicator with deep technical skills and, more importantly, a pragmatist who can think outside the box. The individual must be highly collaborative as they will need to influence functional leadership, project and application managers, other architects, engineers and developers.
In addition to accountabilities listed above in Job Purpose:
* Develops and maintains cloud security capability roadmap and strategy, and works with various other security domain architects to align his/her technology and service roadmaps
* Drives new technology/product/solution evaluations and identifies specific security technology standards for Public & Private Cloud
* Will regularly have to wear the ‘engineering’ hat and drive product/solution Proofs of Concept with other security architects/engineers
* Identifies and develops new cloud security design patterns
* Co-leads the Cloud Security Technical Design Authority
* Provides in-depth expertise on Cloud and Infrastructure platform security topics
* Identifies major cloud security related deficiencies and defines/designs the official pragmatic approaches on how to remediate them at scale
* Collaborates closely with other Security Architects and IT Architects on Cloud Security related matters
* Solution oriented, can define various pragmatic alternatives leading to appropriate cloud security results
* Reports on cloud security status across company periodically and is responsible for maintaining a clear risk acceptance/remediation level
* Designs and signs off on all cloud security requirements for official solutions
KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS
* Level of maturity of controls (based on IGM (Information Governance and Management) control maturity assessments, internal audits and external benchmarking or assessment) within IT for cloud security related controls and vulnerability management
* Good cultural orientation and strong influencer of information risk management, information security, IT security, to be embedded across IT and OT network infrastructures
* Effective management of information risk status leading to reduced critical audit findings.
* Projects pass without major security deficiencies with regard to cloud security
* Complete coverage of methodologies and basic building blocks for security
* Clear metrics on adherence to risk acceptance as well as adherence to standards across NVS environment
* Up to date roadmap on legacy/deprecated/standard/upcoming technology
EDUCATION
* Essential:
  o University working and thinking level, degree in business/technical/scientific area or comparable education/experience
  o CISSP and AWS or Azure architect certification
* Desirable:
  o Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
* 12+ years of IT experience
* 5+ years of Linux/Windows systems/network administration experience
* 5+ years of experience in deployment/implementation of various security tools/technologies like Firewalls/IPS/End point security/DLP etc.
* 4+ years as information security architect
* 2+ years as AWS or Azure security architect (IaaS/PaaS)
* At least 5+ years of experience of working in or providing IT services to a large enterprise
* Should demonstrate leadership skills: >2 years’ experience in management or lead positions in a matrix organization
* Experience in reporting to and communicating with senior level management (with and without IT background, with and without in-depth risk management background) on information risk topics
* Excellent written and verbal communication and presentation skills; interpersonal and
* Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes
* Experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities
* Proven experience initiating and managing projects that will affect other divisions, departments and functions, as well as the corporate environment
* Good understanding and knowledge of regulated industries, preferably pharmaceutical industry. Good understanding and knowledge of business processes in a global industry, preferably pharmaceutical industry
SKILLS/JOB RELATED KNOWLEDGE
* Good mediation and facilitation skills
* Good knowledge of IT Project Management
* Experience with compliance requirements (e.g. SOX, GxQ / CSV, E-compliance, Records Management, Privacy).
* Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice
* Deep understanding of network design, datacenter design, perimeter design, LAN design, WAN design, Firewalls, Intrusion Detection Systems, Firewall Rule Management, Deep Packet Inspection, Packet Capture and interpretation of packet capture, Web Application Firewalls, Network Based attacks and Detection Techniques
* High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
* Ability to handle competing priorities, and to seek consensus when stakeholders have different or even contradicting opinions.
If interested please provide a copy of your CV, required daily rate and availability.
Regards V6 Team