Lead Security Solution ArchitectAmsterdam
For our client in Amsterdam we are looking for a Lead Security Solution Architect.
The Lead Security Solution Architect is responsible for the Enterprise wide security architecture focusing on Application and Technology security domains. The incumbent will work within the Enterprise Architecture team directly reporting to the Chief Enterprise Architect and closely collaborate, with Project Managers, technical Engineers, Business Process Owners and various other technical and non-technical stakeholders across the group.
The Lead Security Solution Architect work closely with the IT Security Management team who are responsible for defining the Information Security strategy, policies, standards, processes and procedures and technology, and for monitoring compliance with security requirements and addressing any security issues.
The Security architects also work closely with the main application development programmes and external partners in implementing key security architecture components and processes.
As a member of the international Enterprise Architecture team you will have responsibilities for defining security solutions that align with the strategic security architecture. As a Security Solution Architect, you will lead colleagues (both in and outside Enterprise Architecture) in ensuring that Business needs are met in a way which aligns to the requirements of the Security Architecture, and Information Security Policy. This role therefore requires both strong analytical, technical and communication skills. A key focus will be on identity management, authentication and authorisation using Oracle Identity Management tools to support transformation programme.
Whilst reporting to the Chief Enterprise Architect, you will also work in close co-operation with various application development, Service Delivery and Infrastructure teams across countries – particularly with 2 core business transformation programmes that are already in progress.
- To be the Security Solution Architecture point of contact for Business Transformation
- Analysis of business requirements and ownership of design and redevelopment of Access Control measures for systems, ensuring that they meet not only the business needs, but also legal, regulatory and compliance requirements and that these are suitably audited.
- Close cooperation with external partners on security related designs and services.
- Providing support to Programmes, and complementary business requests, to provide practical, realistic solution designs as to how to meet business needs, whilst reducing the level of risk.
- Educating personnel and raising awareness across Security best practice.
- Remaining abreast of Information Security (and general technological advances and their implications for Information Security) both within the company and in the broader cyber security ecosystem.
- As Security Solution Architect you will be expected to translate policy statements and theoretical best practices into practical advice for application designers / developers, operational colleagues and Architectural strategy for the future.
- Actively driving Information Security so that is embedded as “Business as Usual” across other teams within ITS, IT systems and processes and more broadly, across the whole of the Company Group.
- Relevant Information Technology and Information Security knowledge (and ideally certification such as CISSP / ISSAP / GIAC/ CEH). Applicants without relevant Information Security certifications (or a related degree) will be considered, but will be expected to have demonstrable knowledge of Information Security Architectural concepts and best practices.
- Demonstrable experience of having worked on implementation of an enterprise IAM solution (ideally involving the Oracle Identity Management suite (OID, OIM, OAM), including leading the translation of Business Requirements into technical implementations which reflect the business needs. Additional experience of other access control and identity management systems will be valuable.
- Experience of having worked on the architecture of large, multi-division/multi-business unit organisations. Ideally this experience should include multi-international sites.
- Demonstrable experience of both implementing and managing an ABAC / entitlements system. Understanding of RBAC / ABAC concepts and possible usage.
- Hands-on experience in embedding ABAC into the application stack.
- Demonstrable experience of having worked within Information Security as an analyst or engineer is highly desirable.
- Familiar with security standards (e.g. ISO27001/2), good practice (e.g. OWASP) and main cyber security related regulations.
- Architecture certifications like iSAQB CPSA, CCXP or TOGAF are a plus.
- Right to work in the EU and the UK.
- The successful applicant will occasionally be required to travel (mainly Western Europe) for short periods of time, as and when the need arises.
- Fluency to a high degree in English is required, but additional language skills (in particular Spanish) will also be valuable
- Resiliency; the Business’ transformative period will be especially challenging for IT department and individuals will need the ability to absorb setbacks and disappointments, without becoming upset or demotivated.
- A finisher; a person who is able to initiate and manage a course of action through to its completion, from end to end.
- Strong communication and influencing skills, being able to translate complex aspects into relevant and easly comprehensible communications.
- High standards of professional integrity, which are retained in the face of opposition.
- Comfortable and effective working autonomously, without constant supervision and to be able to make your decisions and justify and defend your chosen courses of action.
- Professional bearing and an eloquent communicator; coming across as an credible expert in your field and inspiring confidence at all levels in the validity of your advice.
- Pragmatic and realistic, rather than just citing “theoretical ideals”; provide meaningful, acceptably-secure compromises, or novel, secure alternatives to insecure solutions.