Overview
The Lead System Security Architect leads conventional System Security Architecture with a focus on secure system design, and plays a management role coordinating Governance, Risk and Compliance (GRC) activities across a group of companies, including NCII providers in Malaysia and internationally. Responsibilities and collaboration include engagement with subsidiary security and technical specialists, and leading specialist projects and programs within the GRC function.
Responsibilities
Directly support the Group’s CISO.
Lead and manage GRC personnel as required.
Develop, review and implement security architectures and frameworks for IT systems, networks, applications and OT.
Evaluate or prepare security requirements proposed for project or tender submissions.
Develop security surveillance strategies, frameworks, and procedures.
Develop security assessment surveys and maturity measurement methods.
Identify vulnerabilities and perform security risk assessments.
Define and enforce security policies, procedures, and best practices.
Define governance and risk management procedures and methodologies.
Define security roadmaps based on business and enterprise priorities.
Evaluate and recommend security tools and technologies.
Coordinate and communicate GRC activities across the Group’s subsidiaries.
Define and manage data gathering and reporting across the Group’s subsidiaries.
Develop and maintain system security architecture and design standards / templates.
Maintain records of system architectural patterns and secure engineering solutions.
Work with the Security Risk & Compliance Manager to maintain and present a consistently accurate assessment of enterprise risk.
Work with the Cyber Security Architect to ensure all aspects of Cyber Security Operational capability are developing appropriately and to communicate threat intel across subsidiaries as required.
Work with the Security Compliance Lead to ensure all aspects of the GRC function are planned, implemented and applied effectively.
Knowledge Requirement
In-depth knowledge of MITRE ATT&CK Tactics and Techniques and OWASP Top Ten.
In-depth work experience in hybrid and cloud architecture / system design and implementation.
In-depth knowledge of zero trust principles, network security, cloud security, cryptography, and secure software development.
Practical experience in NIST CSF and CIS Controls assessment and implementation.
Demonstrable experience delivering detailed system security design and threat modelling.
Project and / or programme management and support experience.
Excellent documentation and writing skills.
Excellent communication skills.
At least 5 years' work experience as a System Security Architect.
Previous work experience in IT architecture and infrastructure.
BSc in Computer Science, Computer Engineering or equivalent.
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Architect • Kuala Lumpur, Malaysia