Cyber Security Consultant Reference number: 2491

Job description

Looking for a Senior Cyber/Enterprise Security Architect / Consultant who will help our client in this very challenging opportunity

What you'll do

• Develops and maintains the present and future state architecture models for various security capabilities (e.g., GRC, trust management, identity & access management, certificate life cycle management, secrets management, etc.), translating security requirements into reference architectures and secure design patterns
• Conducts in-depth architecture risk assessments, including threat modelling, for various IT and telco infrastructure domains (e.g., telco cloud, APIs, microservices, SDN, confidential computing, etc.)
• Conducts architecture compliance assessments
• Guides delivery teams in the selection and implementation of security controls
• Occasionally serves as a solution architect for the design of an enterprise security service
• Authors security strategies, policies, standards, and procedures
• Develops long term visions and roadmaps and presents these to senior management
• Identifies business opportunities enabled by information security
• Occasionally develops business proposals, ensuring quality estimates, and harvesting and leveraging reusable assets
• Develops working relationships with tribes leads and suppliers, ensuring overall strategic and architectural alignment
• Applies industry standards as issued by various standards development organizations

Profile

• Minimum 5 years of experience in information / cyber security architecture
• At least one of CISSP, CISM, GIAC, SABSA, TOGAF or similar Infosec or architecture practice certifications
• Managed architectural work across the full lifecycle from inception through to implementation
• Applied and integrated a broad variety of security technologies, producing layered, defence-in-depth security architectures
• Reconciles multiple stakeholder viewpoints, using architectural patterns and trade-off scenarios
• Applied Infosec industry standards / best practice frameworks (e.g., SANS 20) in large organisations
• Maintained a holistic perspective on the security capabilities needed to support or deliver the enterprise's strategic goals and objectives. These capabilities cover a broad variety of security domains: IAM, EPP, application security, etc
• Acquired skills in general project management, systems development life cycle and architecture documentation
• Applied regulatory and legal requirements related to information Security and Data protection
• Applied risk management methods and techniques in large risk environments
• The candidate identifies, classifies and specifies architectural building blocks (ABB) for the purpose of guiding implementation and change activities in alignment with the strategic security goals

Required skills

• Proven team player with excellent communication, presentation and negotiations skills, and the ability to interface will all levels of the enterprise
• Excellent analytical, conceptual, and problem-solving abilities
• Ability to conduct research into emerging technologies and trends, standards and products as required. Learns fast
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Proven leadership skills combined with a strong drive and orientation for results, ability to motivate self and others, and lead others towards a common goal
• High integrity, work ethics and commitment, Strong decision-making skills, Excellent influencing and facilitation skills, particularly in problem solving / troubleshooting activities.
  
• The candidate has used multiple Enterprise Architecture methods:
  Architecture Development Methods (method processes & content frameworks), such as:
  o TOGAF9 Architecture Development Method
  o SABSA
  o RUP / OpenUP
  o Attribute-Driven Design Method
  o Architecture Trade-off Analysis Method
  
• Architecture Description Languages:
  o Archimate 2
  o BPMN 2
  o UML 2
  
• Architectural requirements definition and management:
  o Process modelling incl. state & event modelling, use case modelling, domain modelling, service modelling
  
• Risk management methods:
  o ISF IRAMv2
  o FAIR
  o OCTAVE
  
• Security tactics & design patterns: Tactics & patterns for confidentiality, integrity, availability, accountability, non-repudiation
• Architecture domain practices:
  o Component modelling (incl. integration, e.g., EAI, SOMA)
  o Data modelling
  o Operational modelling (deployment views)
  o Infrastructure sizing
  
• Security domains and standards:
  o Cloud (Azure)
  o Cryptography (incl. Key Life Cycle Management)
  o Public Key Infrastructure
  o Identity & Access Management
  o Vulnerability and Patch Management
  o Security in the Software Development Life Cycle
  o Resiliency, Disaster Recovery Planning, Business Continuity Planning
  o Application Security
  o Database Security
  o Web Services Security (OASIS standards)
  
• Networking technology:
  o Routing & switching standards
  o VPN (IPSec, MPLS) standards
  o Software Defined Networking
  o Etc.
  
• IT and security infrastructure standards:
  o Cloud native projects
  o Application Servers: WebSphere, WebLogic, JBOSS
  o Encoding schemes
  o Service oriented architectures
  o Directory technologies
  o AAA
  o Databases: Oracle, SQL, JDBC
  
• Telco industry knowledge and experience:
  o The candidate must have multiple project experiences defining reference architectures or solutions in the telecommunications industry.
  
• Languages : English , French / Dutch is certainly a plus