Information Security Architect

Information Security Architect Job Description Template

Our company is looking for an Information Security Architect to join our team.

Responsibilities:

  • Assisting the business in gaining and maintaining the ISO/IEC 27001 certification;
  • Design and development of policies, standards and procedures to support the ISMS;
  • Design and implement compliance metrics and KPI reporting;
  • Oversee penetration testing services and remediation activity;
  • Develop and manage risk remediation plans, evaluate security and privacy risks, balancing business drivers, best practices, and external drivers;
  • Lead the delivery of information security work in coordination with Enterprise Architecture, Infrastructure Services and Service Delivery Management;
  • Represent Information Security in the technical design authority committee, review and approve design documents;
  • Design and formulate the ISMS scope, framework and structure;
  • Assist the Information Security Officer in devising Information Security Strategy;
  • Develop and maintain incident response procedures;
  • Provide technical supervision and guidance from an information security standpoint to IT and business teams;
  • Produce security risk assessments using formal risk methodologies based on threats.

Requirements:

  • Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development;
  • Experience with incident response and digital forensics processes and procedures;
  • Experience with operating systems, virtualisation, containerisation, networking, OSI model, TCP/IP & firewalling;
  • Sound knowledge of industry best practices such as OWASP and NCSC guidance;
  • Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies;
  • Experience with cloud services architecture (e.g. AWS, Azure);
  • Experience with malware reverse-engineering concepts and techniques;
  • Experience within information security;
  • Knowledge of DevOps and DevSecOps;
  • Experience in report writing, policy and standards writing, delivering presentations and developing dashboards/reports;
  • Experience with scripting languages (e.g. PowerShell, Python, Bash, SQL);
  • Proven experience in ISO27001 implementations;
  • Proven experience in formal risk methodologies, risk management and risk treatment;
  • Experience in process optimisation and automation;
  • Good technical knowledge of network, infrastructure and application security.