Job Title: Security Architect
Job Location: Riyadh, Saudi Arabia
Degree: Bachelor’s in Computer Science or related field
As a Security Architect, you will help shape security innovation and play a key role in the evolution of our client's enterprise architecture and security functions. You lead the security architecture initiative to provide security guidance for the enterprise technology environment, with the goals of maturing our client’s infrastructure and application security policy and technology frameworks, improving overall security posture and cultivating a culture of security awareness. Working with application architects, you will help develop and standardize the security architecture, define and lead security assessments and make security designs. You will be a security advocate and will advise key stakeholders and service owners on security risk management and how to effectively balance security and business requirements, while providing expert advice during security incidents and communicating mitigation strategies to both technical and non-technical audiences. The ideal candidate must possess extensive experience architecting multisite secure computer systems, demonstrate excellent communication skills and have a passion for security.
This Security Architect is responsible for providing thought leadership and security-related subject matter expertise around a wide range of technologies and business initiatives.
Key responsibilities include:
- Serve as an information security advisor to key technology and business stakeholders, establishing trust relationships through active engagement and collaboration
- Determine security requirements by evaluating business strategies and requirements; research information security standards; conduct system security and vulnerability analyses and risk assessments
- Act in an advisory role in application development and acquisition to assess security requirements and controls and to ensure that security controls are implemented as planned, with a focus on the Microsoft development framework.
- Research and assess tools to help manage security analysis, process, and risk
- Provide mentoring and technical leadership to the Information Security teams
- Act as SME and provide third-level support and analysis during and after security incidents
- Perform gap analysis across the organization to identify and document risk and to identify unnecessary complexity in existing processes and procedures; work with service and application owners on mitigation strategies
- Develop and deliver security roadmaps to communicate security state and remediate or mitigate top risks across products and businesses
- Conduct security reviews of application architectures to assess technical and business risk, identify threats and vulnerabilities, and propose solutions
- Create and maintain security architecture guidance to be used by other architects, engineers, analysts and administrators
- Work with solution owners to develop and maintain threat models
- Develop test plans for security verification and assist development teams with security testing methodologies and tools
- Work with development teams to define and operationalize secure development practices
- Perform security design and code reviews with development teams
- Remediate complex security issues
- Participate in and lead security compliance audits.
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- Work with law enforcement, government groups, HR, Legal, Audit, and other business units to coordinate investigations and cyber incident response activities.
- Work with closed intelligence sharing groups to coordinate investigations and cyber response activities.
- CISSP and/or CISM
- ISO27001 Lead Auditor and/or ISO27001 Lead Implementer
- 12-15 years of professional experience, with 8+ years of experience in information security and/or IT risk management
- 5+ years of hands-on experience as a security practitioner, implementing a variety of solutions across multiple disciplines
- 5+ years of experience architecting solutions with a concentrated focus on security, performance, scalability, and reliability
- 5+ years' experience performing network and application security penetration testing and/or threat assessments
- Bachelor’s degree (Master’s preferred) in Information Technology, Computer Science, or related field.
Additional Preferred Qualifications
- SABSA, TOGAF, GIAC certification(s)
- 5+ years programming/scripting experience – one or more of: C, C++, Java, Perl, PHP, Python, shell
- Experience adhering to FIPS, ISO 27001 or BS177992 standards.