Cyber Security Architect

Job Purpose:

 

 

 

• The Cyber Security Architect role is to strategically design and implement cyber security systems, applications and controls that support core organizational functions, and assure their high confidentiality, integrity and availability. This individual will gain organizational commitment for all systems and applications plans, as well as evaluate and select / propose all technologies required to securely complete those plans.

 

 

• Manage and/or conduct Cyber Security tests, such as VA/PT, Mock-Drills, RedTeaming, etc. to check and ensure the adequacy of security controls.

 

 

• Manage the Cloud Security team in the various requirements/setup related to Cloud Computing.

 

 

• Partner with Cyber Fraud unit to provide necessary support and guidance on latest trends and technology.

 

 

 

Key Accountabilities

 

 

 

• Design and support implementation of long-term strategic goals and short-term tactical plans for managing and maintaining corporate cyber security architecture, systems, applications and controls.

 

 

• Ensure that proposed and existing security architectures are aligned with organizational goals and objectives.

 

 

• Provide architectural expertise, direction, and assistance to other Information Security and Information Technology Team members.

 

 

• Develop, document, and communicate plans for investing in cyber security architecture, including analysis of cost reduction opportunities.

 

 

• Conduct research on emerging technologies in support of security development efforts and recommend technologies that will increase cost effectiveness and systems flexibility.

 

 

• Where applicable, design, develop, and oversee implementation of end-to-end integrated security systems.

 

 

• Document the existing security architecture and technology portfolio; make recommendations for improvements and/or alternatives.

 

 

• Review new and existing systems design projects and procurements, related to IT/InfoSec/Business projects and initiatives or outsourcing plans for compliance with standards and architectural plans.

 

 

• Confer with end-users, or senior management to define business requirements for systems and infrastructure development. Review and approve project related documents and deliverables, in the Cyber Security prespective.

 

 

• Model security systems processes based on findings and through use case scenarios, workflow diagrams, and data models.

 

 

• Develop and execute test plans to check infrastructure and systems technical performance. Report on findings and make recommendations for improvement.

 

 

• Plan and conduct/manage internal and external Penetration tests to comply with various regulatory standards and business requirements.

 

 

• Plan and manage third-party security exercises such as RedTeaming, Ransomware Readiness, Compromise assessment, etc.

 

 

• Develop, document, communicate, and enforce a policy for standardizing security architecture as necessary.

 

 

• Maintain a solid understanding of Architecture and Control frameworks such as CIS 20 Critical Controls, PCI DSS, TOGAF, SABSA and ISO.

 

 

• Provide input and suggestion in improving and enhancing Information Security policies, procedures and security controls, and prepare / update documents relating to own domain.

 

 

• Participate in the incident response process and forensic investigations.

 

 

• Participate in the procurement process to ensure that, Cyber Security requirements and clauses are identified, agreed and documented to protect the interests of GIB and to avoid any regulatory non-compliances.

 

 

• Ensure that all the applicable regulatory and international security standards and requirements with regards to Cloud are identified, defined and implemented on cloud based solutions used by the bank.

 

 

• Ensure that Cloud solutions are periodically assessed for Cyber Security and provide recommendations to internal and external stakeholders.

 

 

• Support the bank in the transformation/migration of on prim solution to Cloud.

 

 

• Support and provide technical advisory/guidance to all stakeholders on Regulatory requirements with regards to Data Management and Data privacy.

 

 

 

 

 

 

Qualifications

 

 

University degree in Computer Science, Information Systems or Information Technology or a related discipline.  Technical Expertise with business understanding of the subject matter.

 

 

 

 

Professional Certifications

 

 

SABSA or TOGAF, CISSP, CISM, GIAC and / or other related certifications.

 

 

 

 

Experience

 

 

Minimum 8 years of progressive experience in a security architecture / security consultant / security analyst, preferably in a Bank

 

 

 

 

Skills

 

 

§  Strong knowledge of IT Systems,

§  Demonstrated analytical ability

§  Strong written & oral communication / presentational skills;

§  Good time-management skills;

§  Self-motivation and leadership attributes;

§  People management and relationship skills