We are seeking an experienced Enterprise Architect specializing in Cybersecurity to design and oversee robust security architectures within cloud environments.
Responsibilities:
* Security Architecture & Risk: Defining and supervising security architectures based on Zero Trust principles, and conducting regular risk assessments to identify and mitigate vulnerabilities.
* Policy & Compliance: Developing and enforcing security policies and procedures to ensure compliance with GDPR, eIDAS, ISO 27001, and NIST frameworks. Managing security audits is a key component.
* Infrastructure Security: Overseeing the implementation of network security measures (firewalls, IDS/IPS, VPNs) and application security initiatives, ensuring adherence to OWASP and secure SDLC practices.
* Identity & Access Management (IAM): Coordinating the implementation of IAM solutions, including Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).
* Incident Response & DevSecOps: Developing and managing incident response plans and forensic investigations. Promoting the integration of security practices into the DevOps pipeline (DevSecOps).
* Cryptography & Data Protection: Overseeing cryptographic protocols (TLS, AES, RSA) and implementing Data Loss Prevention (DLP) strategies to protect sensitive data.
* Cloud Security & Testing: Defining strategies for securing cloud environments (AWS, Azure, GCP) and supervising regular penetration testing and vulnerability assessments.
Requirements:
* Education: A level of education corresponding to a bachelor's degree or 3 years of higher education (EQF Level 6).
* Experience: A minimum of 5-7 years of experience in security architecture roles, with a proven focus on cloud-based environments and projects with high-security demands.
* Certifications: Relevant certifications such as CISSP, CISM, or CCSP are highly desirable.
* Knowledge: Must possess deep expertise in the listed domains, including risk assessment, cloud security governance, IAM, and regulatory compliance. Familiarity with threat modeling (e.g., MITRE ATT&CK) and emerging trends is required.