Senior Security Architect at DotModus

Job description

The Security Architect is focused on the Africa technology estate, doing what is right for the Africa business while
aligning where possible to group strategy, ensuring it is designed and built to appropriate levels of security,
through production and maintenance of security architectures. With specific emphasis on Innovation:
Architecture, Design and Build Innovation and Application Security Services with priority on mobile, digital and
data services.

The core purpose of this role is to help shape strategy and drive consistent implementation that enables the
business to pursue their digital agenda. The role will require you to work with the PMO office, architects,
engineers, application and infrastructure teams including the Lead Security Consultant risk team on the promotion
and adoption of strategic security components and services.

Working with these teams; you will assist in the development of plans, roadmaps and secure patterns and provide additional assistance on the specifics of the integration with the strategic security services. You will also liaise with
the core engineering functions for these services to ensure the services are meeting security application and
infrastructure requirements.

• Produce and Maintain a complete set of security architectures and designs and drive
  compliance to them [30%]
• Shape and steer security architectural designs and decisions in technology forums
• Work with architects from the business line, infrastructure & application teams to ensure that security is ‘architected’ into their specific architectures, roadmaps and implementations.
• Engage with business stakeholders and the Lead Security Consultant team to understand their propositions such that their goals can be achieved securely or where necessary with full understanding of the risks involved.
• Support the development and deployment of security solutions [50%]
• Establish core relationship with the development/infrastructure and application teams and ensure strong security practices are adhered to.
• Develop and maintain a roadmap of integration of security solutions with development & infrastructure teams.
• Initiate and where necessary lead any strategic security projects whether in security or elsewhere in the company.

Evaluate emerging technologies and enable effective exploitation [10%]

• Build strong relationships with technology providers to identify security technologies that could add value to Barclays and introduce them to the wider design and development community.
• Ensure that new technologies are exploited in a controlled and expedient way in alignment with the agreed architecture, working closely with the development community across Technology.

Design Governance [10%]

• Participate in the global design governance frameworks to review proposed application and infrastructure designs
• Review and approval where appropriate of design and solutions presented at the
• Africa forums.

Education and Experience Required

• NQF level 6 B Degree
• 10 years (technical/lead) experience in technology
• 8 years Security Architecture experience preferably within a financial institution

Preferred additional Education and experience

• CISSP-ISSAP
• SABSA
• TOGAF

Competencies: (Maximum of 8 competencies)
Essential

• Experience in defining security architecture within a global organisation to improve compliance, preferably gained within the financial services industry
• Track record of large-scale global delivery in security design and the building and deployment of security infrastructures
• Experience of engaging with key senior stakeholders and helping them understand their business propositions security and risk profile

Technical Knowledge

• Excellent understanding of security strategies and technologies in a large enterprise
• Experience of enterprise architecture processes such as TOGAF and SABSA
• Comprehensive grasp of emerging security technologies for mobile and digital channels
• Understanding of mobile and emergent threats in the digital space
• Knowledge of common mobile device and associated application architectures including core infrastructure and applications services as well as peripheral applications/services.
• Functional and developmental knowledge of programming languages
• Knowledge of Identity, federation and authentication technologies (eg SAML, OAUTH)
• Solid understanding of Web Services technologies (eg. XML, .NET, JAVA)
• Solid understanding of core and backend big data solutions and associated security controls.

Internal & External IT environment

• Can describe key aspects of strategic system and technology development plans
• Can discuss company’s position vis-à-vis security related trends and outline implications.
• Experienced with consulting on security architecture and technologies
• Superior communication skills to interface with both technology and senior management.
• Has proven experience in security architectural considerations for cross-functional cross-platform applications
• Familiar with integration and implementation issues and their architectural implications

Business knowledge

• Ability to identify specific information security policy/standards/architecture deficiencies within the global organisation and develop and drive cross-functional correction strategies.
• Appreciation and integration of how security risk applies to business propositions and not just technology