Principal Cloud Enterprise Architect (PROJ-4641)

Job Details

ASD’s Cloud program aims to bring commercial hyper scale cloud capabilities to the NIC. It aims to improve agencies’ operating efficiency and effectiveness. It is an unprecedented program for the NIC and therefore provides a unique opportunity for all who are working on it. ASD’s Cloud Program requires an experienced Cloud Enterprise Architect to deliver a number of enterprise level solutions across a series of transformation initiatives throughout the National Intelligence Community (NIC) and ASD.

To deliver this new cloud capability for the NIC, the Cloud Enterprise Architect will join a multi-disciplinary team comprised of highly skilled staff from multiple NIC agencies and strategic partners. The Cloud Enterprise Architect will have a track record of successful enterprise-level cloud services development and implementation. They will possess a strong knowledge of cloud computing technologies, including public, private, and hybrid clouds, and experience in developing cloud services marketplaces.

In collaboration, the Cloud Enterprise Architect will be responsible for leading the Service Catalogue and Third Party Software as a Service processes and governance. This includes bringing together the NIC community stakeholders and Cloud vendor, assuring integration into NIC governance, creating terms of references for vendors and suppliers providing service offerings, and establishing processes for delivery and management.

The role will require identifying and updating policies, standards and architecture repositories to enable cloud adoption. The Cloud Enterprise Architect will be a strong communicator, capable of communicating complex problems, both verbally and in written form, to various stakeholders including senior executives.

Key duties and responsibilities

• Develop and maintain a prioritisation and selection framework for cloud services and solutions. This will include evaluating the technical feasibility, business value, and overall fit with the NIC’s needs and requirements.
• Develop architecture roadmaps, models and plans including evaluating the technical feasibility, and business benefit with overall fit for organisation’s requirements.
• Assess feasibility of solutions and identify potential roadblocks.
• Develop and maintain an enterprise-level cloud services roadmap that aligns with ASD’s strategic objectives, business outcomes and technology strategy.
• Work closely with stakeholders to identify business requirements and functional specifications.
• Take high-level business requirements and industry best practices and translate them into patterns, concepts, principles, and working designs.
• Identify business impacts from implementation or changes to technology strategies and roadmaps.

Technical skills
Essential:

• Professional certification in Enterprise Architecture, such as TOGAF or Zachman, is preferred and certification or training in Cloud Technologies is required.
• Minimum 3 years of experience in architecting Cloud solutions.

Desirable:

• Experience working in a NIC agency undertaking an Enterprise Architect role.

Essential criteria

• AWS Dedicated Cloud Experience: Deep familiarity with concept use of AWS dedicated cloud environments. Demonstrated understanding of the ADC physical and logical isolation boundaries for dedicated cloud environments.
• Strategic Policy Alignment: The ability to map AWS architecture to high-level directives factoring in the appropriate level of CoA and AWS advised risk and security profiles.
• Boundary Protection & Secure Networking: Expertise in designing Transit Gateways, AWS PrivateLink, and Cross-Domain Solutions (CDS). Must know how to facilitate "Air-gapped" style security while maintaining cloud-native functionality.
• Identity Governance (ICAM): Mastery of Identity, Credential, and Access Management (ICAM) at scale. This includes integrating AWS IAM with government-mandated PIV/CAC card authentication and complex Active Directory forests.
• Automated Governance (Guardrails): Expert-level knowledge of AWS Control Tower, Service Control Policies (SCPs), and AWS Config. Must be able to programmatically prevent non-compliant resources from ever being created.

Desirable criteria

• DevSecOps Pipeline Ownership: Experience building CI/CD pipelines that operate within disconnected or low-bandwidth environments, ensuring that software updates are scanned and "vetted" before hitting production.
• Legacy Modernisation Strategy: track record of migrating sensitive monolithic legacy systems into micro services without compromising the "chain of custody" of the data.