Security Architecture Manager

The Security Architecture Manager Leads the development of comprehensive security architectures, guidelines, and policies for networks, systems, applications, and data, ensuring the protection of sensitive information and mitigating potential risks. The function leads the development of automated security solutions to streamline security operations, increase efficiency, and reduce manual effort. It plays a focal role in the development of the company's security strategy, to ensure its alignment with business goals, regulatory requirements, and software development security practices. The Security Architecture Manager will collaborate closely with cross-functional teams to design and maintain security solutions, develop security policies, and lead incident response efforts. This role demands a profound understanding of ISP operations, cyber-security best practices, and the ability to adapt to evolving threats

Job Duties:

• Contribute to the development of the company's security strategy, to ensure its alignment with business goals, regulatory requirements, and software development security practices.
• Advise management on strategic security initiatives and projects, providing insights and recommendations to enhance the organization's security posture and to align security solutions with business objectives and risk appetite.
• Create and manage a roadmap for security enhancements and risk mitigation.
• Ensure compliance with security requirements, guidelines, and industry standards.
• Oversee security incident response activities, coordinating with internal teams and external partners to contain and mitigate security threats.
• Conduct vulnerability assessments and penetration testing for both network and software components.
• Identify vulnerabilities and design appropriate security controls to address any gaps.
• Lead proof of concept (PoC) evaluations and the deployment of security solutions such as firewalls, intrusion detection/prevention systems, data encryption, access controls, and identity and authentication management systems.
• Stay abreast of the latest security threats, vulnerabilities, emerging technologies, and industry trends to proactively address emerging risks. Continuously evaluate and recommend new security solutions to enhance the organization's security posture.
• Provide technical and security expertise to IT and business teams to identify security technology solutions and develop security reference architectures and strategies to achieve business results
• Foster a culture of security awareness throughout the organization, conducting training sessions and awareness campaigns.
• Ensure compliance with relevant industry standards, such as ISO27001, and lead efforts to obtain necessary certifications.
• Enhance the company's MSSP offerings, ensuring effective security monitoring, threat detection, and other services.
• Be the liaison between customers and product teams for security requirements
• Work closely with other development team to align the security requirements and the solution design with business needs
• Function as cyber security thought leader

Requirements

• Bachelor degree in Computer Science, Computer Engineering, or STEM majors.
• (10+) Years of Experience in Information Security.
• (5+) Years of Experience in a leadership or architect role within an ISP or similar complex network environment

Knowledge:

• Expertise in information security industry standards and frameworks such as NIST CSF, ISO27001, CIS controls, SABSA, SANS, CobIT and ITIL.
• Deep understanding of cybersecurity principles and best practices
• Strong knowledge of security architecture principles and design.
• Proficiency in designing and implementing network security solutions.
• Strong knowledge of common security libraries, security controls, and common security flaws.
• Expertise with DevOps and DevSecOps
• Expertise in designing and implementing security solutions
• In-depth understanding of network and system security technologies and protocols.
• Strong knowledge in cloud security concepts and experience with securing cloud-based environments (e.g., AWS, Azure, GCP).
• Proficient in conducting security assessments, vulnerability assessments, and penetration testing.
• In-depth understanding of incident response procedures, including incident handling, containment, eradication, and recovery.
• Relevant certifications such as CISSP, CISM, CISA, or equivalent are a plus.