Information Security Architect (ISA)
About the job:
We have a vacancy for an Information Security Architect within our Information Security Office. The incumbent will direct, develop, maintain and implement an enterprise information security architecture aligned with the strategic and business objectives of the business, as well as its legislative and technical context. This position is based in Pretoria.
- Research, stay abreast of, develop and maintain an interpretation of applicable legislation and regulations relating to information security, industry standards and international information security best practice as applicable to and appropriate for the business and all areas of research and development;
- Direct, develop, maintain and implement a business-wide enterprise information security architecture, as well as supporting information security capabilities and controls, in support of and aligned to the business, legislative and technical context of the business;
- Develop metrics and measurements to determine the maturity and effectiveness of the information security strategy and architecture execution within the business;
- Develop and manage the application of information security architectural principles within solution architectures and designs in order to reduce risk and drive adoption of and adherence to the information security strategy and governance;
- Anticipate the impact of the latest ICT and information security trends and technology changes on the business, and ensure that the business's enterprise information security architecture is evolved and effected through the information security program;
- Provide insight into and strategic recommendations for the information security aspects of the business ICT strategy and any new ICT trends;
- Participate in, actively influence and contribute to business and ICT planning initiatives in order to ensure appropriate alignment with the information security strategy and consideration for information security requirements and controls;
- Conduct in-depth information security reviews and assessments of new and/or existing systems, applications and/or programs and design solutions or recommendations for the remediation or mitigation of risks or insecure design;
- Collaborate with and provide authoritative advice and expertise to various key stakeholders, as well as solicit their requirements and involvement in achieving higher levels of enterprise information security;
- Collaborate with and provide authoritative advice and expertise to the enterprise and solutions architects and ensure information security requirements and controls have been incorporated into our enterprise architecture, as well as new and/or revised architectures and designs;
- Develop, drive and implement the incorporation of information security controls into various internal security frameworks, methodologies, governance practices and control points.
- A Bachelor’s degree in information technology/systems, computer science, computer/electronic engineering or related field with at least ten years’ information technology experience, of which six years must be in information security and three years must be in information security architecture;
- A security clearance certificate, or willingness to undergo a clearance process; nothing should preclude the individual from obtaining security clearance;
- Experience in interpreting and understanding an organisation’s legislative, technical and business environment;
- Experience in designing and implementing an enterprise information security architecture;
- Experience in reviewing and incorporating information security controls and capabilities into various architectures and designs;
- Experience in implementing international information security standards and best practice such as the ISO 27000 series;
- Experience in a broad range of information security domains, as well as technical experience in various information security technologies and their associated capabilities;
- Experience with presenting information security concepts and ideas in non-technical, business-friendly language appropriate to the target audience.