Security Architect

We are looking for candidates who come from a seasoned security architecture background specializing in helping a variety of specialized business domains and support services within a large enterprise, based on industry and enterprise compliance requirements and relevant threat intelligence.

We are evolving how we do security architecture. We want to do architecture by ‘doing’ and not just ‘drawing’. There is a fundamental shift towards a solution-driven culture of security architecture and if you share our passion for this change, this could be a very exciting opportunity to join us and contribute to this change.

What you’ll be doing:

• Based on Information Assets Classification, perform security risk assessments for change and BAU initiatives.
• Based on established enterprise security policies, industry standards, and current threat landscape, derive recommended security controls as part of security control assessments.
• Help enterprise security assurance team in identifying abuse cases to be tested to ensure identified controls are implemented.
• Develop and maintain security patterns for consumption, including maintenance of the links to the security control framework.
• Ensuring the backlog for patterns is groomed, managed, and complete working with service teams.
• Assess cloud services provided by public cloud vendors against current threats and company security policies, standards, and guidelines.
• Consult and SME input into architectures for data and infrastructure security as per controls objectives specified.
• Perform security risk and control assessments for 3rd party solutions.
• Together with asset owners, review security risks and findings on an ongoing basis.
• Responsible for selection and governance via appropriate architecture forum of security-related technology choices.
• Work with stakeholders within and outside of enterprise security team to develop residual risk statements.

Skill & Experience:

• Experience in defining and maintaining overall security architecture in an organisation with a heavy focus on data is the key. You will have demonstrable experience in working with key stakeholders within and outside of enterprise security, technology, and enterprise operations.
• Knowledge and experience with compliance regimes and standards like APRA CPS, APP, PCI DSS, and GDPR.
• Good working knowledge of control frameworks like NIST 800-53.
• We are looking for candidates with a hands-on view of the world of technology in addition to a strategic mindset.
• Our target platforms are built with cloud-first in mind so experience with public cloud platforms like AWS, GCP, and Azure is ideal but not essential.
• Experience with direct/indirect data protection technologies like DLP, CASB, IAM, Secure Communications, Secrets Management, Subject Rights Management, File/Email/DB encryption, etc. is required.
• This role requires excellent problem-solving, communication, and presentation skills.
• Experience in financial industry is a plus.

Salt is acting as an Employment Agency in relation to this vacancy.