Information Security Architect Job Description Template
Our company is looking for an Information Security Architect to join our team.
Responsibilities:
- Assisting the business in gaining and maintaining the ISO/IEC 27001 certification;
- Design and development of policies, standards and procedures to support the ISMS;
- Design and implement compliance metrics and KPI reporting;
- Oversee penetration testing services and remediation activity;
- Develop and manage risk remediation plans, evaluate security and privacy risks, balancing business drivers, best practices, and external drivers;
- Lead the delivery of information security work in coordination with Enterprise Architecture, Infrastructure Services and Service Delivery Management;
- Represent Information Security in the technical design authority committee, review and approve design documents;
- Design and formulate the ISMS scope, framework and structure;
- Assist the Information Security Officer in devising Information Security Strategy;
- Develop and maintain incident response procedures;
- Provide technical supervision and guidance from an information security standpoint to IT and business teams;
- Produce security risk assessments using formal risk methodologies based on threats.
Requirements:
- Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development;
- Experience with incident response and digital forensics processes and procedures;
- Experience with operating systems, virtualisation, containerisation, networking, OSI model, TCP/IP & firewalling;
- Sound knowledge of industry best practices such as OWASP and NCSC guidance;
- Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies;
- Experience with cloud services architecture (e.g. AWS, Azure);
- Experience with malware reverse-engineering concepts and techniques;
- Experience in information security;
- Knowledge of DevOps and DevSecOps;
- Experience in report writing, policy and standards writing, delivering presentations and developing dashboards/reports;
- Experience with scripting languages (e.g. PowerShell, Python, Bash, SQL);
- Proven experience in ISO/IEC 27001 implementations;
- Proven experience in formal risk methodologies, risk management and risk treatment;
- Experience in process optimisation and automation;
- Good technical knowledge of network, infrastructure and application security.