Enterprise Security Architect – Services
This position reports directly to the Director of Security, R&D. This position will support the orchestration of all security architecture activities within the company’s product management portfolio, and engagement with R&D, clients and Group Information Systems as the primary point of contact for security architecture and subject matter expertise.
Position Summary and Primary Objectives
The primary role is to understand the TPS product management strategy and service delivery model in line with its business requirements and go-to-market strategy. In conjunction with TPS business stakeholders, they are responsible for the development and execution of the strategic business plan for the managed security portfolio of products and the security of the group’s assets. They will lead and coordinate across all product management portfolios and technical staff so that an integrated security strategy and architecture is prepared and manifested in a periodically updated plan.
They are a technology specialist and will provide senior mentorship, thought leadership and technical guidance to stakeholders, solution architects, specialists, developers and business development managers.
The Enterprise Security Architect has the responsibility and accountability for developing and implementing the Information Security Architectural strategy. The Enterprise Security Architect is responsible for technical leadership for the Information Security function within TPS and for liaising closely with other managers on matters of Information Security.
The Enterprise Security Architect is responsible for safeguarding against current and future security risks within TPS. This global leader will collaborate with the organisation’s key stakeholders and the broader company Information Security community to establish the vision, tenets, and comprehensive security strategy to mitigate risks and ensure the protection of the business units that comprise TPS. They will leverage their technical expertise and strong business acumen to define and establish appropriate milestones and actions, ensuring that the reduction of risk through the implementation of security controls and recommended mitigation strategies is delivered on, as committed to key senior management.
Main Duties / Key Accountabilities
- Provide technical leadership on security initiatives across the company
- Assist in recruiting, leading, training, and mentoring
- Leadership and direction for the TPS Information Security staff embedded and distributed throughout the organisation
- Lead cross-functional teams in implementing Information Security solutions throughout TPS.
- Liaise with and provide SME advice on Information Security matters such as BAU security activities, emerging security risks and relevant security controls, across the TPS functions (such as Research and Development, Corporate IT Management, Governance, Risk & Compliance Management, HR and Legal, Product Engineering, Product Management and Operations) in addition to senior management, department heads and managers throughout TPS as necessary.
- Deliver a “Center of Excellence” for Information Security, offering internal consultancy, advice and pragmatic assistance on Information Security risk and control matters throughout the organisation and promoting the advantages of managing Information Security risks more efficiently and effectively
- Assist in planning and budgeting to the value of Information Security & Certifications
- Develop a layered defense strategy to protect our assets
- Function as an internal consulting resource on Information Security issues and incidents
- Provide strategic Security Architecture and risk guidance for projects and products, including the evaluation and recommendation of technical controls and solutions
- Mitigate enterprise vulnerabilities and reduce attack surface vectors identified through Security reviews and controls implementation
- Execute risk assessments, Security Architecture design reviews, and project security reviews, ensuring key applications and products are assessed for risk
- Help ensure compliance with applicable data security laws, regulations, and customer requirements.
- Maintain reliable, up-to-date information on industry security trends in the GRC platform.
- Document and map the architecture of current security infrastructure.
- Security Architecture function
  - Leads or commissions Information Security risk assessments and controls selection activities
  - Leads or commissions ongoing review and analysis of internal and external security risks/vulnerabilities, and develop/implement cost effective, proactive risk mitigation programs.
- Security Engineering (build) function
  - Leads or commissions Information Security controls build processes for Security controls, client build and new services build activities
- Security Assurance function
  - Application Security best practices
  - Security Testing for new projects, PCI compliance and annual BAU testing
  - Vulnerability Management for new projects, PCI compliance and ongoing BAU activities
As corporate citizens they are excellent team players and exhibit excellent written and verbal communication skills. They display good presentation skills, are innovative and have a solid client orientation aptitude.
The Enterprise Security Architect Services has a service consulting aptitude, focusing on the business, service and sales aspects. The individual trains and coaches the sales team and, when applicable, teams of Engineers and Consultants to transfer knowledge of TPS products and services.
Vendor product, sales and technology certification is required. They use their previous technical project lead experience to guide successful implementation of a system solution.
They demonstrate impeccable attention to detail and are able to translate internal customer requirements into solutions. The Enterprise Security Architect – TPS is resourceful and confidently handles pressure in critical situations, ensuring at all times that client (internal & external) requirements are
- Uses an integrated risk management approach to create executive-level perspectives on, and status reports about, all of the security risks that Services faces.
- Orchestrates and harmonises security-related business process standardisation, normalisation, documentation, and continuous improvement across services
Requirements: Education, Training and Experience
Degree / Certifications – Information Technology
Security Certifications – CISSP or equivalent (Highly Desirable), SABSA or TOGAF (Highly Desirable)
Experience – At least 5 – 8 years’ experience in Technology Information Security Industry
Personal Attributes and Skills Required