About the position
The role is required to assist in the development of a security architecture capability that will continue to mature to address the complex security problems in systems, people and processes including those that emerge in digital business transformation. It incorporates planning and designing Company Processes, Information and Technology components to interact harmoniously while aligned with business requirements to maintain a state of “managed-security-related risk”. Agility in learning core skills and emerging skills based on unique circumstances within the organisation.
JOB DESCRIPTION
Cybersecurity Architecture
- Design and maintain a secure architecture for both cloud and on-premises environments, ensuring alignment with enterprise IT strategy and cybersecurity frameworks.
- Conduct architecture reviews and threat modeling exercises to proactively identify design-level risks and recommend mitigations.
- Develop security reference architectures and patterns for infrastructure, applications, data, and identity management, incorporating zero trust principles and secure-by-design approaches.
- Ensure architectural compliance with industry standards and regulatory frameworks including POPIA ISO/IEC 27001, NIST SP 800-53, IT Joint Standards.
- Improve the security methods and practices that influence the architecture and design of Company processes and technology deployments.
IT Security Operations
- Collaborate with Security Operations to ensure architectural alignment in monitoring, threat detection, and incident response capabilities.
- Provide strategic input into the selection and deployment of SIEM, SOAR, DLP, EDR, and other critical tools to enhance the organization's security posture.
- Oversee the technical validation of security controls and ensure their effective implementation throughout the solution lifecycle.
- Analyze security issues and recommend appropriate solutions, technologies, and best practices aligned to business needs.
- Contribute to the secure configuration of systems and infrastructure in alignment with security baselines and hardening guides (e.g., CIS Benchmarks).
- Ensure adherence to approved ICT governance principles and compliance with applicable policies.
Change and Configuration Management
- Act as a security design authority in change advisory meetings (CAM) processes, evaluating risks associated with proposed changes.
- Provide architectural oversight for security configuration changes and remediation plans resulting from audits, risk assessments, or penetration tests.
Governance, Risk, and Compliance
- Develop and maintain cybersecurity architecture standards, principles, and policies in collaboration with GRC and Enterprise Enablement and Architecture (EEA) teams.
- Ensure architectural compliance with enterprise risk management processes, supporting enterprise risk appetite measures.
- Support the organization in responding to audits and regulatory reviews, providing architectural evidence of control implementation.
- Contribute to the planning and compliance monitoring through the CRMP process.
- Ensure compliance with GOI and IT Joint Standards.
Reporting
- Contribute to the development of strategic cybersecurity dashboards and reports that reflect architectural coverage, maturity, and roadmap progress.
- Track alignment of architectural decisions with key cybersecurity KPIs and organizational goals.
Processes and Continuous Improvement
- Continuously evaluate emerging technologies (e.g., AI/ML in cybersecurity, container security, SASE, XDR) and incorporate innovations into the architectural roadmap.
- Stay informed of emerging cybersecurity threats, trends, and technologies, particularly in the cloud security space.
- Promote the adoption of up-to-date cybersecurity frameworks to enhance overall risk mitigation.
- Champion cybersecurity innovation by participating in forums and research activities to evolve the organization’s security capabilities.
- Regularly update architectural documentation and frameworks to reflect changes in technology and threat landscapes.
Stakeholder Engagement and Collaboration
- Work closely with Enterprise Enablement and Architecture, IT infrastructure, Project Office, and application teams to embed security into solution design.
- Influence and guide internal stakeholders on best practices in cybersecurity architecture and risk-informed decision-making.
- Provide architectural support and guidance to security-related projects, incident response efforts, and solution delivery teams.
- Act as an escalation point for complex security architecture queries or solution reviews.
Ad hoc
- Assist in the execution of ad hoc requests and special tasks as required by team members or leadership.
- Assist in special projects or ad hoc tasks requiring architectural expertise, including post-incident reviews or risk assessments.
JOB REQUIREMENTS
Qualifications
- Minimum Qualifications: National Diploma in IT /Bachelor or Relevant equivalent
- COBIT preferred
- One of the following Cybersecurity certifications is mandatory: ISO 27001/ CRISC/ CISSP/ CEH
Experience
- Minimum of 8 years cybersecurity related experience.
- Experience in security architecture methodologies, tools and enablers.
- Hands-on experience with implementation and monitoring of various IT Security solutions.
Desired Skills:
- Communication skills
- Strategic Thinking
- leadership skills
