Security Architect

As a Security Architect you ensure that

• IT systems are up to date with the latest security standards, authentication protocols and best practices. (Technical baselines within the configuration management)
• you actively support your employees with solutions and implementations coming from suppliers, customers and programs.
• You actively guide the objectives and programs by working out a management framework around DevSecOps, integrating it with threat, vulnerability and risk management measures.
• You always work tailored to the organization, taking into account the capacity and necessary efficiency of your target audience.

In addition, you take into account other initiatives within the various agencies and departments, the various authorities (Federal, local authorities, European, etc.) and ensure that the program can integrate with them.

You are part of the Team Information Security and report directly to the Chief Information Security Officer.

The security architect's duties include:

• Building and supporting an ISO27001 certification of the own organization.
• Analyzing the current security systems, operations, processes, complex issues in their cohesion, from various stakeholder perspectives
• Establishing, tuning and securing the security architecture principles, standards, models and guidelines
• Supervising security tests and ensuring continuous security monitoring
• Drawing up and maintaining the security architecture
• Drawing up guidelines and performing checks on disaster recovery procedures
• Follow-up of security incidents, change requests (Security) and risk management
• Testing the efficiency of existing processes and the underlying architecture on the basis of feedback from incident and risk management
• Providing architecture advice at tactical, strategic and operational level in collaboration with the CISO of Digital Flanders
• Producing and updating documentation in the field of security architecture
• Support security awareness within the organization and actively encourage employees to do so.

Main responsibilities

• ISO27001 program within Digital Flanders
• Active participation (also autonomous)
  • Incident management
  • Change management
  • Risk management
• Guidance on operational processes, identification of improvement paths and optimization possibilities

• Proven knowledge/experience in ISO27 - Medior ( 5,00 years ) - Nice to have
• ITIL process framework - Junior ( 3,00 years ) - Must have
• CCSP certified - Must have
• CISSP certified - Must have
• Demonstrated experience as an Enterprise Architect with specialization in security. - Must have
• Proven experience in a similar position as Security Architect - Senior ( 8,00 years ) - Must have
• Demonstrable experience with architectural concepts - Must have
• Demonstrated knowledge of enterprise architecture (e.g. Zachman, TOGAF, NIST SP800-53) with proven specialization in security architecture (e.g. SABSA, OSA - Must have
• Higher education (Master or Bachelor) with technical/engineering or business background. - Must have
• Perfect oral and written knowledge of Dutch (European CEFR level C2) -Must have
• Demonstrated knowledge of MS Office packages - Nice to have
• Demonstrated knowledge of Business Solutioning, being able to propose cost-effective business solutions that meet the security risk appetite of the customer - Nice to have
• Communication skills and experience with teamwork and project-based work. - Nice to have
• Knowledge of business processes in general - Nice to have
• Knowledge of business processes of the Flemish government in particular (after an introductory period) - Nice to have
• Strong abstraction ability - Nice to have
• Strongly communication and analysis oriented. - Nice to have