Senior Solution Architect at Old Mutual South Africa

Job description

Key focus of the role:

The security solution architect is responsible for architecting the security solutions for various projects. Working in close conjunction with the OM security architect and other solution architects, the individual is responsible for ensuring solutions adhere to the information and security policies and controls within the organisation, whilst contributing to the solution architecture project deliverables. Where adherence is not achievable, either acceptable alternates are to be proposed or associated business risks are to be highlighted.

Role Description

Primary Tasks:

• Documenting and understanding cross-functional business requirements in regard to information security, legal-regulatory compliance and risk management.
• Interpreting/translating cross-functional business requirements in to information security, legal-regulatory compliance and risk management solutions for specific projects and initiatives.
• Defining and documenting security solution architectures for Security-specific initiatives ensuring compliance to defined Enterprise and specifically Security Architecture Principles and roadmaps.
• Designing and documenting security controls as well as security components for broader business-related initiatives and solutions.
• Ensuring that the Information Security Policies and Standards are enforced and adhered to.
• Contributing to the Information Security Policy, and developing and maintaining a supporting set of specific technical policies and standards, ensuring appropriate authorization, commitment and endorsement from IT and business management stakeholders.
• Educating and assisting business units within the Group with security compliance and evaluating initiatives against the defined Security Architecture Principles.
• Promoting education and awareness of information security principles, policies and standards across OMSA.
• Ensuring all changes are assessed for impact on all security aspects, including the Information Security Policy and security controls.
• Review of solution documentation (both internal and vendor) and the formulation of recommendations for improvements and alignment with IT and business strategies.
• Performing security tests and assessments of submitted architectures and design from a security perspective.
• Able to drive technology choices and decisions through necessary governance processes and forums.
• Participating in any security reviews arising from security breaches and initiating remedial actions.
• Ensuring that the confidentiality, integrity and availability of the services designed are maintainable at the levels agreed in the S/OLAs and that they conform to all relevant statutory requirements.
• Working alongside enterprise security architect to review proposed solutions relative to the Information Security Policy and Security Controls.
• Working alongside the enterprise security architect to identify gaps and propose solution in the current security architecture.
• Assess impact of updates and additions to the OM security architecture and inform solution architects of potential impacts to existing architectures for projects.
• Supporting (ad-hoc) Tasks
• Designing security controls and developing security plans.
• Performing security risk analysis and risk management in conjunction with availability and IT service continuity management requirements.
• Assisting with Business Impact Analysis.
• Acting as a focal point for all security-related issues should the need arise.
• Identifying and classifying IT and Information assets (Systems and Data) and the level of control and protection required.
• Maintaining a set of security controls and documentation.

Qualifications and experience:

Role Requirements:

• Degree in Information Technology/Computer Science/Engineering from a recognized tertiary institution or equivalent experience.
• CISSA or CISSP Certification will be added advantage.
• CCNA, CCDP, CISM, Security+ and TOGAF Certification will be added advantage.
• Knowledge and experience of using TOGAF, Zachmann, SABSA will be beneficial.
• ITIL Certification will be added advantage
• 8+ years’ experience in the security management and security architecture and/or design arena.
• 8+ years’ proven knowledge and experience with platform, data, application, integration and network security design.
• Understanding of various technologies in the applications, data and integration arenas with specific knowledge of cryptography and other security aspects thereof.
• Understanding of various technologies including firewalls, intrusion prevention, routing, switching, unix and windows servers as well as virtual environments and storage technologies and the security aspects thereof.
• Knowledge of Security Management principles.
• Good understanding and experience with legal and regulatory compliance requirements locally and abroad.
• 1-3 years’ experience with Leadership and Team skills.
• Ability to work with cross-functional teams of global operations, business analysts, system integrators, testers, developers, designers and architects.
• Demonstrated experience in moving projects from initiation through deployment and handover to operations.

Desirable attributes:

• Understanding of SDLC, ITIL processes.
• Technical agility
• Detail level (in-depth) Data, Application, Network and integration layer Security knowledge.
• Attention to detail.
• Good communication across all levels.
• 1-3 years’ experience in Project Management.
• Sense of urgency.
• People Management.
• Time Management.

Competencies

• Strategic
• Leading with Influence
• Innovation
• Execution
• Customer First
• Personal Mastery
• Collaboration