Manager – Principal Security Architect: Secure Design (IC)
Job Description
Reports to: Senior Manager – Secure Design
Key Relationships
Business Aligned Principal Security Architects
CyberSecurity Engineering
CyberSecurity Testing and Vulnerability Management
Cloud Security
Identity Management
Security Architecture Design Forum (member)
Project teams
BISOs
Key Responsibilities
Develop Security Architecture Design Patterns and Standards to comply with group security requirements, industry standards, customer requirements, regulatory requirements and good practices.
Assist the development of and champion a Security Architecture control framework.
Research, design and document the security posture requirements and controls of new technology introduced into the Group. Engage with technology acquisition processes to ensure all new technology introduced is evaluated.
Research industry trends and regulatory requirements.
Lead the Security Architecture evaluation of risks identified in systems, including reviewing, and proposing tactical and strategic remediation plans, and evaluation of the cost / risk benefits of remediations.
Actively contribute to the adoption of secure by design practices, with technical delivery teams for both existing systems and new systems, e.g. use of internal or external guidance, leading Threat Modelling activity.
Nurture the use of secure technical practices to deliver technical excellence.
Support experimentation and innovation in solving problems
Supervise third parties in their deliveries related to the domain area
Provide company representation, internally and externally, related to information security, as needed.
Contributes to the development of metrics and their monitoring to report the effectiveness and efficiency of the Security Architecture function.
Contributes to the content and management of the Security Architecture intranet presence.
Team Responsibilities
Guiding and mentoring other team members as required
Deputising for Senior Manager - Secure Design when required
Critical Deliverables
Developing and prioritising the security design pattern library
Developing and delivering the security design patterns – individually or in conjunction with other teams, as necessary
Working with the neighbouring security teams and delivery projects to address emerging areas of secure design guidance and interventions
Developing security architecture interventions in business specific process for acquiring and developing new technology
Contributing to the development and reporting of metrics for the Secure Design team, within the broader Security Architecture function
