Life Healthcare currently has a vacancy for a Head: Information Security Architecture to be based at Head Office within the Group Information Security Department.
The role will focus on designing and developing security architecture patterns that meet regulatory obligations and data protection requirements as well as align with the business and corporate security strategy.
The role will collaboratively direct Security Architects and Security Engineers to design and build security controls and solutions compliant with approved architecture frameworks and standards.
Critical Outputs

Strategy and Planning
- Create solutions that align enterprise security architecture frameworks and standards (e.g. SABSA, NIST 800-53, ISO 27001/2) with overall business and security strategy.
- Employ secure configuration management processes.
- Identify and prioritize system functions required to promote continuity and availability of critical business processes such that in the circumstance of system failure critical business functions are restored or recovered promptly.
- Design, build and implement enterprise-class security systems for a production environment.
- Align standards, frameworks and security with overall business and technology strategy.
- Design security architecture elements to mitigate threats as they emerge.
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- Derive the IT Security strategy from the overall Group Information Security Office (GISO) strategy and requirements and translate this into an operational plan for delivery for their area of responsibility.
- Drive integration of Group Information Security Office Initiatives, programs and central solutions and ensure alignment with the divisional portfolios.
- Be responsible for the adoption of centrally mandated Security Solutions and the maintenance of technical security documentation and compliance with security controls.
- Spearhead independent reviews of IT Security controls, prioritize identified issues and assess remediation actions for quality, considering the optimal cost-risk ratio as well as the strategically optimal resolution.
- Solid understanding of security protocols, cryptography, authentication, authorization and cloud security.
- Good knowledge of Network security, Cloud security, Infrastructure security, endpoint security, IAM etc.
- Knowledge of typical security devices such as firewalls, NAC, intrusion detection systems, AV and End Point security, Web Application Firewalls, anti-spam systems, event correlation systems, etc.
- Knowledge of network technologies, Windows and Linux administration with understanding of well-known applications like SAP and ServiceNow.
- Experience in penetration testing and vulnerability management.
- Act as a trusted advisor during engagement with the stakeholders in business, demand management and suppliers/vendors to ensure that any proposed technology solution is designed with a secure-by-design philosophy.
- Ensure that all the required mechanisms are factored into any proposed technology solution so that the solution is aligned to the security architecture, approved application landscape, policies, standards and guidelines and best practices.
- Engage with the requisite stakeholders at technology idealization or concept stage to ensure that information security risks are identified, quantified and either eradicated or mitigated successfully in the end solution design.
- Keep up to date with the latest threat and attack vectors and mechanisms to overcome them.
- Understand the business requirements and dependent security requirements. Design and implement security solutions to meet these requirements.
- Influence how security monitoring and assessments are conducted to achieve effective security controls.
- Collaborate with peers to conduct effective risk assessments.
- Perform architecture peer reviews, design validations and signoffs.
- Input on the development of system designs, security policies, standards and standard operating procedures.
- Collaborate with stakeholders to ensure that security is integrated across all aspects of information sharing and technology delivery.

Communication
- Document security requirements and controls for protecting information, systems, and technology assets.
- Define and document how the implementation of a new technology impacts the security posture of the current environment.
- Document and update as necessary all definition and architecture activities.
- Provide input on security requirements to be included in requests for proposals (RFPs), statements of work (SOWs), and other procurement documents.
- Communicate current and emerging security threats to project team members.
- Knowledge sharing with employees regarding security best practices.

Leadership
- Provide guidance, mentorship and career development opportunities for the Team.
- Foster a collaborative and inclusive Team culture.
- Set clear expectations, providing regular feedback and conducting performance reviews for direct reports.

Requirements
- University degree in Computer Science, Engineering, or related field (preferred).
- Minimum of 5-8 years of experience in Security Architecture.
- CISSP, CISA, CISM, or other relevant security related designation(s) preferred.
- Certifications in CISSP-ISSAP, TOGAF, or SABSA, cloud architecture (Microsoft, AWS, GCP).
- Experience in identifying gaps in existing architectures.
- Experience in designing security architectures to mitigate threats.
- Sound knowledge of security strategies and technologies.
- Good understanding of various data governance and regulatory requirements.
- Good understanding of IT operations and processes.
- Knowledge of computer networking concepts and protocols (e.g. TCP/IP, DNS) and network security methodologies (Identity, Endpoint, Application, Data and Network security).
- Knowledge of secure application development methodologies.

Competencies
- Planning and organizing.
- Technical and analytical.
- Deadline driven.
- Innovative.
- Management and leadership skills.
- Building relationships.
- Attention to detail.
- Resilience.
- Creative.
- DevSecOps.

Email: ******
Closing date: Wednesday, November 27, 2024.
Internal applicants - Before making an application, you are requested to discuss your application with your line manager. External candidates will also be considered.
Life Healthcare is an Equal Opportunity Employer.
Thank you for your interest in this opportunity. Kindly note that only shortlisted candidates will be contacted. Applicants who have not been contacted within two weeks of the closing date of this advert should consider their application as unsuccessful.