Queensland Treasury Corporation | Senior Associate, Security Architect

Purpose of Role The Security Architect will be pivotal role in the design and implementation of best practice in security technology solutions. This role is essential in assessing the current technology architecture and working closely with Technology, Data and Information (TDI) team colleagues, the PMO and other stakeholders to suggest solutions that align with business needs and strategic direction. The Security Architect is a primary source of expertise for the security implications of technology changes, guiding the PMO and updating architectural artifacts to ensure the highest standards of security architecture design and implementation are maintained.
Responsibilities & Accountabilities The key areas of responsibility and accountability include:
Governance Assist in maintaining QTC's Technical Design Principles in line with QTC's technology strategies, business requirements and the evolution of services in the market. Develop and maintain security architecture artifacts (e.g., catalogues, frameworks, models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations. Strategy and Planning Support the creation and maintenance of Technology and Cyber Security Strategies and Roadmaps to ensure QTC's technology landscape continues to evolve in line with the market, and the evolving cyber threat landscape is managed. Enabling and supporting QTC in developing a culture of secure-by-design solutions through collaboration with Technology, Data and Information team colleagues and key business stakeholders. Working in collaboration with the business to undertake planning to realise future technology benefits and to ensure existing technology has maximum uptake. Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts. Maintenance and Hygiene Have oversight of QTC's technology and security landscape, its strengths, weaknesses and suggest opportunities for improvements. Assist in reviewing and maintaining technical design and as-built documentation to ensure it meets standards and accurately reflects the current state. Support the testing and validation of internal security controls, as directed by Architecture or Security Operations Director or the internal audit team. Assist Security team to assess providers' security certifications (SOC, ISO) for security related deficiencies and report findings as required. Design Be a key point of reference for cross-system / solution impact of technology changes. This includes providing input into Business Cases and Change Requests and working with the PMO to ensure all security aspects are considered through the change process. Validate IT infrastructure and other reference architectures for security best practice and recommend changes to enhance security and reduce risks, where applicable. Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection systems, as part of solution design review. Contribute to the threat modelling of services and applications that tie to the risk and data associated with the service or application. Coordinates with development teams and activities to advocate secure coding practices, and to escalate concerns related to poor coding practices. In the context of solution design, coordinate with the Information Manager to document data flows of sensitive information in QTC (e.g., PII) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenisation). Ensures network designs adhere to standards and required security posture. Support the Security team with reviewing security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics. Evaluate statements of work (SOWs) for providers to ensure that adequate security protections are in place. Competencies Technical Competencies
Proven collaboration skills, communicating technology and security concepts, including a broad knowledge of best practice security standards. Strong interpersonal skills including the ability to develop and maintain effective working relationships with diverse stakeholders and to consult, influence, resolve conflict and negotiate to achieve agreed outcomes. Relationship management skills, including a proven ability to foster solid, open, and collaborative relationships with stakeholders while delivering results. Analytical Thinking and Problem-Solving skills to effectively identify, review, assess and understand information, business ideas, processes, problems, issues, and risks. Significant experience in a previous role providing cyber security architecture. Deep knowledge and experience with security architecture for Azure IaaS and PaaS solutions, including Azure Governance, Security, Identity, Monitoring, and Automation. Technology security risk identification and mitigation advice and design within an organisation leading to successful organisational change and business improvements would be well regarded. The ability to work autonomously, and to work with both technical and non-technical stakeholders in an efficient and effective collaborative manner. Strong personal communication and consultation skills appropriate for all levels of the organisation including proven ability to prepare effective reports, address meetings, facilitate groups and strong skills in negotiation, consultation and conflict resolution. Extensive experience in the application of ICT risk assessment and management processes for complex business environments and supporting ICT infrastructure. Experience with ICT vendor service management, SaaS/PaaS/IaaS services, enterprise content management systems, electronic document management systems. Behavioural Competencies
Integrity, including upholding strong professional and ethical standards. Willingness to accept responsibility and accountability. A passion for technology, data and innovation, and a forward-thinking approach Discretion, maintaining confidentiality, and recognising and respecting sensitivities. Result-driven individual with an innate ability to remain calm and composed during times of uncertainty and stress. Establishes a positive environment by always acting with positive intent, and assuming positive intent from others. Leadership & Management Competencies
Demonstrate personal drive, integrity and commitment to achieve results. Provides technical leadership. Mentors and coaches project team members and change proponents. Qualifications Essential
Requires Tertiary qualification in Information Technology, Computer Science or Computer Engineering or equivalent experience. Desirable
Certifications in Azure Architecture highly desired (AZ-305). Industry certifications such as TOGAF, CISSP, CCSP, SC-100, ISO27001, NIST and AZ-500. Experience with the Microsoft Power Platform and Microsoft Dynamics, particularly security concepts and considerations. Experience Essential
Minimum of 5 years' experience architecting solutions across complex applications and infrastructure environments including the Microsoft Technology stack. Experience in contributing to the development and implementation of new technology systems, processes, and practices. Experience in reporting and presenting complex technical information to various internal stakeholders. Experience in zero trust, identity and access management, encryption, network security and secure cloud computing. Desirable
Recent experience in assisting with the implementation of Microsoft Azure services, including understanding cost impact in design. Experience within the financial industry. Experience delivering services in a government body. Experience in aligning with ISO27001 and ACSC Essential 8. #J-18808-Ljbffr