Security Architect (PROJ-4376)

Canberra
30 April 2025
PV
Application ends: 27 May 2025
$150 - $170

Job Description

Remote is seeking a Security Architect to join the team in ASD. The Security Architect will develop security architectures (current, transitional and target state) based on agency strategies and plans and a deep understanding of technology and complex ICT systems; inform and validate security requirements for new and existing capabilities; and apply requirements traceability to solution designs, implementations and configurations. (LH-02789)

Role Description

Job Duties and Responsibilities

  • Develop security architectures (current, transitional and target state) based on agency strategies & plans and a deep understanding of technology & complex ICT systems.
  • Inform & validate security requirements for new and existing capabilities; apply requirements traceability to solution designs, implementations & configurations.
  • Proactively assess the suitability of solution components against relevant architectures, strategies, policies, standards and practices; identifying issues and proposing options for risk reduction.
  • Develop capability gap analysis based on the differences between the current and target state architectures providing guidance on risk management.
  • Provide advice and risk-based guidance to support solution implementation including managing security elements of change requests and deviations from specifications.
  • Obtain, advise and act on threat intelligence and changes to the technology landscape. Author and review products including tailored security risk assessments and business impact analysis.
  • Contribute to the approval of designs through architectural, security and stakeholder bodies. Ensure that design activities and reviews canvass input from technical and security experts.
  • Contribute to agency security and technical architecture forums, representing divisional capability stakeholders.

Technical Skills

  • Experience developing and applying security architecture best practices to enterprise and bespoke ICT systems to achieve capability outcomes with proportionate security assurance.
  • Experience providing tailored and robust ICT security advice to technical & project staff.
  • Experience in modelling business processes by using various tools and techniques.
  • Experience with enterprise architecture modelling tools.

Essential criteria

  • Provides definitive and expert advice in their specialist area. Actively maintains recognised expert level knowledge in one or more identifiable specialisms. Oversees the provision of specialist advice by others. Consolidates expertise from multiple sources, including third-party experts, to provide coherent advice to further organisational objectives. Supports and promotes the development and sharing of specialist knowledge within the organisation.
  • Designs large or complex systems and undertakes impact analysis on major design options and trade-offs. Ensures that the system design balances functional and non-functional requirements. Reviews systems designs and ensures that appropriate methods, tools and techniques are applied effectively. Makes recommendations and assesses and manages associated risks. Adopts and adapts system design methods, tools and techniques. Contributes to development of system design policies, standards and selection of architecture components.
  • Contributes to the development of solution architectures in specific business, infrastructure or functional areas. Identifies and evaluates alternative architectures and the trade-offs in cost, performance and scalability. Determines and documents architecturally significant decisions. Produces specifications of cloud-based or on-premises components, tiers and interfaces, for translation into detailed designs using selected services and products. Supports projects or change initiatives through the preparation of technical plans and application of design principles. Aligns solutions with enterprise and solution architecture standards (including security).
  • Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.
  • Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domain areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.
  • Produces, or approves network providers', network architectures, topologies and configuration databases for own area of responsibility. Specifies design parameters for network connectivity, capacity, speed, interfacing, security and access, in line with business requirements. Assesses network-related risks and specifies recovery routines and contingency procedures. Creates multiple design views to address the different stakeholders' concerns and to handle both functional and non-functional requirements.

Desirable criteria

  • Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution. Identifies, evaluates and recommends options. Collaborates with, and facilitates stakeholder groups, as part of formal or informal consultancy agreements. Seeks to fully address client needs and implements solutions if required. Enhances the capabilities and effectiveness of clients, by ensuring that proposed solutions are fully understood and appropriately exploited.
  • Manages the innovation pipeline and executes innovation processes. Develops and adapts innovation tools, processes and infrastructures to drive the process of innovation. Identifies resources and capabilities needed to support innovation. Encourages and motivates innovation communities, teams and individuals to share creative ideas and learn from failures. Manages and facilitates the communication and open flow of creative ideas between interested parties and the set-up of innovation networks and communities.
  • Defines and manages scoping, requirements definition and prioritisation activities for initiatives of medium size and complexity. Contributes to selecting the requirements approach. Facilitates input from stakeholders, provides constructive challenge and enables effective prioritisation of requirements.