Cloud Security Architect (PROJ-4378)

Canberra
20 May 2025
PV
Application ends: 27 May 2025
$170 - $195

Job Description

Remote is seeking a Cloud Security Architect to join the team in ASD. The Cloud Security Architect will contribute to the design, provide assessment and assurance, and manage the accreditation of specialist on-premises and off-premises cloud platform based solutions to realise ASD benefits from strategic technology investment. (LH-02792)

Role Description

Key Duties and Responsibilities:

  • Liaise with multiple project and capability stakeholders to assist in design and documentation of the Cloud system security controls.
  • Engage with Enterprise/Solution Architects and Cloud Engineers at all levels to ensure that designs align with security accreditation standards to achieve ITSEC security accreditation at a “PROTECTED” level.
  • Ensure that Cloud Systems achieve ITSEC Security Accreditation at the “PROTECTED” level and maintain accreditation through the capabilities lifecycle.
  • Create and maintain Cloud Security documentation and configuration, including the use of vulnerability assessment tools.
  • Undertake Cloud System security threat and risk assessment and manage risk registers as required.
  • Support the operation of the Cloud support and development team by providing the following services:

      • IT security education and outreach
      • Professional leadership on IT security related matters and issues
      • Continuous improvement processes
      • Stakeholder engagement on security-related matters
      • Operational IT Security including device inspections and monitoring service desk queues

Other Skills and Knowledge

  • Experience identifying and applying security controls to large-scale, complex capabilities and/or developing ICT Security analytics.
  • Experience architecting security solutions for complex systems.
  • Experience in the provisioning of security controls to cloud computing systems.

Essential criteria

  • Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domain areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.
  • Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security and recommends appropriate control improvements. Develops new architectures that manage the risks posed by new technologies and business practices.
  • The independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, such as ISO 27001, local standards, best practice, or other documented requirements. May relate to, for example, asset management, network security tools, firewalls and internet security, sustainability, real-time systems and application design.
  • The authorisation and monitoring of access to IT facilities or infrastructure in accordance with established organisational policy. Includes investigation of unauthorised access, compliance with relevant legislation and the performance of other administrative duties relating to security management.