Job Description

Position summary
Industry: FMCG & Supply Management
Job category: FMCG, Retail, Wholesale and Supply Chain
Location: Western Cape
Contract: Permanent
Remuneration: Market Related
EE position: No
Introduction
We are searching for an energetic, self-driven and creative Security Architect to join us on our mission to maintain and develop a high-performing cybersecurity function in support of a complex business undergoing digital transformation. We are looking for a Senior Architecture and Engineering member of the cybersecurity team. This role supports the manager as part of a technical security team that designs, maintains and enhances the security technology stack with a zero-trust philosophy, supporting the key principles of 'security by design and default', and leverages modern technology and AI capabilities. This function enables security and technology teams through both change and operations. This is a highly technical role that requires demonstrable experience in security design, engineering, architecture and threat modelling.
Job description
Maintain the cybersecurity architecture covering the current and future technology landscape including on-prem and cloud solutions architecture.
Identify solutions to enhance our architecture (e.g. improve visibility, reduce noise, automate or consolidate).
Contribute to the Security Reference Architecture development which supports Security by Design and associated standards.
Contribute to Business Case formulation with the relevant security input - advisory, standards and security patterns.
Own Cybersecurity Enterprise Architecture (CEA) principles and drive adoption through Enterprise Architecture (EA) and across the business.
Drive the implementation and optimization of Security by Design (SbD) across Woolies projects and Business Enablement.
Proactively identify security design gaps in existing and proposed architectures and provide required changes or enhancements. Document these as relevant for re-use.
Contribute to the ongoing maintenance and enhancement of Cyber and Information Security Policies, Standards, Procedures and Guidelines.
Plan and prioritize projects and workload to deliver to the roadmap.
Provide updates, context and feedback to relevant stakeholders.
Conduct Security Architecture reviews for Projects or Business Enablement
Additional Responsibilities

• Support proactive threat modelling with other cyber and technology stakeholders.
• Make security architectural information easily accessible and self-service to support scale, speed and security by design.
• Remain aware of global security industry trends and translate these into meaningful contributions to the cybersecurity strategy, principles and ways of working.
• Understand Cyber, IT and Business strategies and contribute to the creation and delivery of the annual cybersecurity roadmap and execution with a specific focus on security architecture and engineering disciplines.

Minimum requirements

• 8 years relevant experience in the cyber and information security discipline.

• 3 years experience in security engineering.

• 3 years experience in security architecture.

• 4-year degree or IT qualification.
• Experience in cloud security architecture and technologies.

• Experience in EA and/or Systems Architecture

• Resiliency, determination, and pragmatism.

• May be required to assist outside of working hours.

Advantageous

• Relevant qualifications and certifications such CEH, CISSP, CISM, CCSP, TOGAF and/or SABSA

Additional Criteria
Experience in programming and scripting is highly advantageous.
Industry certifications (e.g. Palo, Google, AWS, Azure, Qualys) are beneficial.
Experience in building and maturing Security Architecture capabilities is advantageous.
Experience with automation and ML/AI capabilities.
Practical experience with adversarial frameworks such as MITRE ATT&CK.
Working knowledge of PCI-DSS.
Experience with security operations tools, frameworks, practices, and processes.
Hands on experience with cloud computing

Skills Required