Vhi have a full time permanent vacancy for the role of Information Security Architect. The Information Security Architect is responsible for providing oversight, risk assessment and security architecture support and guidance to IT, IT Security and business teams for new system implementations and system change initiatives. The person will be responsible for participating in an end-to-end approach to reduce risk across the IT and business environment and will be a key stakeholder in approving proposed security architectures and designs through consultation with business owners, project teams and IT Security.
Primary Responsibilities will include but are not limited to:
Oversee IT Security risk assessments and evaluations of Vhi project and change initiative proposals and the proposed solutions' ability to meet system and security requirements, recommending mitigating controls for identified limitations and risks
Work closely with IT Security, business analysts, solution architects and project managers to ensure security requirements are effectively addressed in all phases of project lifecycles
Review and contribute to the definition of functional and non-functional business requirements
Evaluate as-is and to-be IT security risks and controls including leveraging industry standards and practices for designing the future state solutions.
Participate in defining enterprise and application security controls and standards for production systems
Assist in identifying and assessing risk as part of the overall IT Risk Management process
Evaluate various technologies for suitable inclusion in IT solution designs
Participate in the discovery, documentation and refinement of business requirements to ensure alignment with technically viable solution designs
Participate in technical incident management and troubleshooting as needed
Draft Information Security policies, standards and guidelines as required and review technical standards produced by IT and others
Minimum 5+ years' experience in Information Security and security architecture
Relevant third level qualification
Professional certifications in relevant domains such as CISSP, CISM, CRISC, CCSK, SANS GIAC.
Deep understanding of the role of Information Security in IT risk management and controls
Deep understanding of the role of IT Security software engineering and application development methodologies in a complex multi-project environment
Prove experience in cloud and associated security technologies would be advantageous.
Proven experience to review IT Security architectures for complex multi-component systems
Demonstrated experience in reviewing conceptual, logical and physical IT security architecture deliverables
Ability to research alternatives, make recommendations and influence decisions to reduce risk
Ability to work collaboratively with individuals within both the technical community and senior leadership
Demonstrated alignment to the Vhi values.