Working for an SI on a key enterprise account, as a Security Architect of SaaS & PaaS Security you will work across SaaS / PaaS information security and risk management. The architect will define technical security standards, constraints and effective security controls in line with industry best practice. The successful candidate will be a good communicator and a pragmatist with deep technical skills. The person must collaborate globally and guide project teams towards the right security architecture and design.
Main tasks and responsibilities:
In addition to the accountabilities listed above in the role overview:
- Contributes to the development and maintenance of the SaaS/PaaS governance, strategy, and roadmaps with specific focus on SFDC (Salesforce) and other cloud service providers
- Develops and enforces security policies and procedures for the client's private, public and hybrid clouds
- Identifies gaps in the security of the client's SaaS & PaaS environments
- Designs security measures and an overall security architecture for the cloud landscape in line with the client security policy framework
- Ensures Information Security regulatory compliance
- Supports audits of security policies, procedures and solution implementations
- Collaborates closely with other Security Architects and IT Architects on application security related matters and on projects
- Promotes IT Security culture
- As the role is part of a global organisation, willingness to travel as required is important.
- 10+ years of IT experience
- 4+ years as information security architect
- 2+ years as a security expert, designer or architect of cloud-based solutions including SFDC, AWS or Azure
- 5+ years of experience working in or providing IT services to a large enterprise
- Should demonstrate leadership skills: >2 years’ experience in management or lead positions in a matrix organisation
- Experience in reporting to and communicating with senior-level management (with and without an IT background, with and without an in-depth risk management background) on information risk topics
- Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills.
- Excellent understanding and knowledge of general IT infrastructure technology, systems and management processes
- Experience of sourcing complex IT services, working closely with vendors and making full use of their capabilities
- Proven experience initiating and managing projects that affect other divisions, departments and functions, as well as the corporate environment.
- Good understanding and knowledge of regulated industries, preferably pharmaceutical industry. Good understanding and knowledge of business processes in a global industry, preferably pharmaceutical industry
SKILLS/JOB RELATED KNOWLEDGE
- Excellent understanding and knowledge of cloud governance, technology, and management processes
- Excellent written and verbal communication and presentation skills; interpersonal and collaborative skills
- Good mediation and facilitation skills
- Good knowledge of IT Project Management
- Experience with compliance requirements (e.g. SOX, GxQ / CSV, E-compliance, Records Management, Privacy).
- Knowledge of (information) risk management related standards or frameworks such as COSO, ISO 2700x, CobiT, ISO 24762, BS 25999, NIST, ISF Standard of Good Practice and ITIL
- Good understanding of network design, datacenter design, perimeter design, LAN design, WAN design, Firewalls, Intrusion Detection Systems, Firewall Rule Management, Deep Packet Inspection, Packet Capture and interpretation of packet captures, Web Application Firewalls, Network-Based Attacks and Detection Techniques
- High level of personal integrity, and the ability to handle confidential matters professionally and exercise the appropriate level of judgment and maturity.
- Ability to handle competing priorities and to seek consensus when stakeholders have different or even contradicting opinions.
- Fluency (written and spoken) in English
- University working and thinking level, degree in business/technical/scientific area or comparable education/experience
- SFDC and AWS or Azure Solution Architect certification
- Professional information security certification, such as CISSP, CISM or ISO 27001 auditor / practitioner is preferred. Professional (information system) risk or audit certification such as CIA, CISA or CRISC is preferred
- Contractor – competitive rate