Job Description

Job Category: Security Engineering
:
The purpose of this role is to ensure that IT systems and projects undergoing change are secure by design, build, and implementation. The ideal candidate will play a critical role in embedding security principles throughout the project lifecycle, ensuring compliance with organizational Global Information Security policies, industry standards, and regulatory requirements. This role requires a deep understanding of security architecture, risk management, and secure development practices, as well as the ability to collaborate with cross-functional teams to deliver secure IT solutions.
Key Responsibilities:

• Collaborate with project teams / squads to ensure security requirements are integrated into the planning and design phases of IT systems.
• Perform security reviews of technical designs, configurations, and implementations to identify and address cybersecurity risks.
• Conduct threat modeling and risk assessments to identify potential vulnerabilities and recommend mitigations.
• Ensure all IT changes and projects follow established security governance processes, including risk assessments and approvals.
• Collaborate with Change Advisory Boards (CAB) to ensure security considerations are addressed before changes are approved.
• Maintain documentation and knowledge base of security assessments, decisions, and actions taken during the project lifecycle.
• Act as the primary security advisor for IT projects, working closely with project managers, architects, developers, and other Global Information Security stakeholders.
• Contribute to the development and enhancement of security policies, standards, and guidelines.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• 7+ years of experience in information security, with a focus on secure design, architecture, and implementation.
• Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST, PCI DSS, OWASP).
• Experience conducting threat modeling, risk assessments, and security reviews.
• Proficiency in secure development practices, including secure coding, encryption, and vulnerability management.
• Familiarity with IT change management processes and governance frameworks.
• Strong analytical and problem-solving skills, with the ability to assess complex technical environments.
• Excellent communication and interpersonal skills, with the ability to influence and collaborate with diverse stakeholders.
• Relevant certifications such as CISSP, CISM, CEH, or SABSA.
• Experience with cloud security (e.g., AWS, Azure, GCP) and DevSecOps practices.
• Experience working in Agile or DevOps environments.

Skills Required