Enterprise Security Architect
Reporting to the Head of Information Security, the Enterprise Security Architect will play an integral role in defining and assessing An Post’s security strategy, architecture and practices. This role has responsibility for developing practical and versatile security requirements, security architecture blueprints and processes, and ensuring that new and existing services are securely implemented through the selection and use of appropriate controls and supporting processes. This is a new role on the Information Security team and the successful candidate will have the opportunity to lead and shape security standards and practices across An Post.
The principal responsibilities associated with the role include, but are not limited to:
Knowledge & Experience
- Developing security strategy plans and roadmaps based on sound enterprise architecture practices for our cloud and on premise environments
- Developing and maintaining security architecture and design standards, policies and processes, models and templates to support the overall Security Strategy and associated frameworks
- Developing and maintaining a security architecture process that enables the organization to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
- Collaborating with enterprise architecture, infrastructure, application, security and operational teams to advise and recommend on security technologies, and identifying and driving resolution on security aspects of projects and issues
- Supporting the development of the Information Security Governance, Risk and Compliance function through the development of architecture driven GRC controls
- Providing expertise, direction and oversight to operations teams when defining security controls to meet existing and future needs and in response to the changing threat landscape
- Conducting information security architecture reviews and threat assessments against new and existing applications and services, for both on premise and cloud applications, addressing current and emerging information security and compliance requirements of the organisation
- Developing and coordinating the implementation of information security architecture and security controls to address the current and emerging information security and compliance requirements of the organisation
- Connecting with third party vendors to ensure the appropriate tools, configurations and workflows are in place
- Coordinating the application security testing program from risk identification through to remediation
- Identifying cybersecurity trends with regards to adversary tactics/methodologies, and techniques that could impact the organisation and ensuring that these are adequately addressed in security strategy plans and architecture artefacts
- Proactively investigate and research new threats to the organisation and propose solutions/actions to mitigate
The successful candidate will ideally have 10 years’ experience in Information Security with at least 3 years in Security Architecture. You will have a significant knowledge of major cybersecurity architecture concepts, technologies, and standard methods, and willingness to dive into new areas. Deep expertise with several of the following cybersecurity areas are key; network security, application security, API security, container security, cloud infrastructure configuration, identity and access control, modern authentication and authorization protocols, endpoint security, mobile security, Microsoft workplace and Office365 Security and Zero Trust principles. A relevant professional certification such as CISSP, ISSAP, CCSP, SANS GIAC or similar is beneficial and a relevant third level qualification is advantageous. A background working in Financial Services and familiarity in the implementation of security standards in regulated environments will also be considered an advantage.
You will have a strong understanding and application of Cloud Security, Architecture, Secure SDLC, Governance and Compliance controls and processes and experience in using architecture methodologies such as SABSA, Zachman and TOGAF. You will have an excellent understanding of frameworks and standards such as NIST, CIS, PCI-DSS, ISO27001:2013, PSD2 as well as good knowledge of the Mitre ATT@CK framework and protection strategies, advising on implementation of detection and prevention controls where possible. A proven knowledge of systems implementation and management, including configuration of access controls, security settings, patching and change management is beneficial. You have strong problem solving and analytical skills with the ability to effectively influence and communicate.
The following competencies are essential to the delivery of results and/or to superior performance in this role:
About the Benefits
Attention to Detail
- Problem Solving and Analysis
- Decision Making/Judgement
- Influencing and Gaining Commitment
- Technical/Professional Knowledge
How to Apply?
In addition to a highly competitive remuneration package we offer access to the following:
We welcome all interested candidates to submit a detailed CV to firstname.lastname@example.org by 5.00pm on 15th October 2021.
An Post is an equal opportunity employer, celebrating diversity and championing inclusivity. If you require any reasonable accommodations to assist you in participating in the employee selection process, please simply let us know. We heartily encourage all interested parties to apply!
About An Post
An Post is one of Ireland’s leading organisations, offering financial and postal services as well being a trusted gateway to government services. We are transforming from the old world of traditional letters and cash to the new digital world of e-commerce parcels and financial services. The An Post Corporate Centre supports and drives the bold strategic moves we’re taking as an enduring, profitable business in the digital world.
An Post’s core purpose — to act for the common good, improving the lives of people in Ireland, now and for generations to come — is aligned with the United Nations Sustainable Development Goals, putting sustainability at the centre of everything we do.
We are committed to digital transformation enabling us to build customer-centred competitive services. Read more about our strategy and our progress here today!