Job Descriptions

Other Titles Include

• Enterprise security architect

Note: Primarily following education and a career pathway from an existing enterprise architect role, this is an emerging specialist role primarily employed in large tech-enabled organizations, shared services or systems or security providers.

Reporting relationship

To be completed by the user of this job description as appropriate

Job purpose / summary

Designs, develops and oversees the implementation of network and computer security structures for an organization, ensuring security requirements are adequately addressed in all aspects of the infrastructure, and the system supports an organization’s processes

Duties and responsibilities

• Collaborate with key stakeholders to establish an effective cybersecurity risk management program.
• Ensure compliance with the changing laws and applicable regulations
• Define and review an organization’s technology and information systems, and ensure security requirements
• Recognize appropriate disaster recovery plans and business continuity functions, including any failover or backup requirements for system restoration
• Plan, research, and develop robust security architectures for systems and networks
• Research current and emerging technologies to understand capabilities of required networks or systems
• Prepare cost estimates and identify integration issues
• Conduct vulnerability testing, risk analyses and security assessments
• Research and develop a system security context, and define security assurance requirements based on industry standards and cyber security policies and practices
• Ensure the acquired or developed systems and architectures are consistent with an organization’s cyber security policies and practices
• Perform security reviews and identify gaps or determine the capability of security architectures and designs (e.g., firewall, virtual private networks, routers, servers, etc.), and develop a security risk management plan
• Prepare technical reports that document the architecture development process
• Document and address an organization’s information security, cyber security architecture, and systems security engineering requirements throughout a system life cycle
• Advise on security requirements and risk management process activities
• Support incident management and post-analysis advising on recovery operations
• Develop, deliver, and oversee related cybersecurity training material and educational efforts related to role

Tools and Technology

• Strategic and business plans
• Threat and risk assessments
• Systems architectures
• IT mapping tools and applications
• Incident management processes and procedures
• Security event and incident management systems and/or incident reporting systems and networks,
• Cybersecurity risk management processes & policies
• Privacy and security legislation
• Organizational security infrastructure and reporting systems

Competencies

Underpinning this occupation are those competencies demonstrated for an executive level which include those identified within the US NICE Cybersecurity Workforce Framework.

Advanced application of the following KSAs:

• Business needs for security
• Legal, policy and compliance requirements
• Integrated/organizational security concepts, principles and practice (software, system, data, physical and personnel)
• Preventative technical, operational and management controls available and organizational responsibilities for those controls
• Sector/context relevant threats, business needs and technical infrastructure
• Project management and security requirements throughout the project life-cycle
• Cryptography and cryptographic key management concepts;
• Virtual Private Network devices and encryption;
• Engineering concepts and practices as applied to systems security and systems architecture
• Security architecture concepts and enterprise architecture reference models;
• Security assessment and authorization processes
• Authentication, authorization, and access control methods
• System testing and evaluation methodologies and processes
• Application security system concepts and functions
• System life cycle management principles, including software security and usability
• Industry standards and organizationally accepted analysis principles and methods
• Configuring and using software-based computer protection tools
• Designing hardware and software solutions
• Cybersecurity program management, measures and monitoring
• Incident management and system recovery planning and operations

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Qualifications

Education. Post-secondary education in IT infrastructure and architecture (e.g.; computer engineering, IT systems architecture)

Specialized training in security architecture concepts, principles, and practices. Training to support security tools needed to support role.

Certifications.

To be completed by the user of this job description as appropriate

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. Previous training and experience in IT security infrastructure, requirements analysis or program management is preferred – 5-10 years of relevant IT experience for advanced-level.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.