Senior Manager, Senior Security Domain Architect at Equity Bank Kenya

• Senior Security Domain Architect will be responsible for the development of enterprise information security architectures and solutions. Develop and review architecture artifacts for Data Security,
• Infrastructure Security, Active Directory Security, Identity and Access Management, Network Security, IOT,
• Blockchain Cloud and manage adherence to architecture standards

Job Responsibilities/ Accountabilities:

• Provide expert direction in implementing Xylem’s enterprise security architecture strategy for platforms, applications, security services, network security and infrastructure, while considering potential risks in the organization’s current technology deployments, to build a successful and strong enterprise security posture
• Secure and automate capabilities through collaboration with InfoSec, Compliance, Cyber Defense, Product Security and Engineering resources.
• Define and advise on the design, implementation and processes necessary to protect information system assets
• Translate business requirements, risk assessments, high-level policies and controls towards security architecture requirements and designs for existing or new security services and projects on business and IT side.
• Participate in discussions regarding the high level IT and operational process design and implementation of security in projects
• Act as a security subject matter expert for Cloud, IOT, Blockchain, IAM, Data and Application, Network, Database and Infrastructure domain
• Additional knowledge on other domains will be used to assist other Cyber Security Domain Architects covering other security domains (for example mainframe, data, PKI and cryptography, network security, platform security, IAM, application security, devsecops etc.)
• Your stakeholders are mainly business owners/analysts, project leaders, enterprise architecture, risk management, internal/external auditors and IT engineers, developers and solution designers
• Responsible for application security but with a good working knowledge of other security domains
• (Cryptography, Identity and Access Management, Threat and Vulnerability Management, Infrastructure and Networks and Auditing, Logging and Compliance)
• Proven ability to follow global established standards in digital evidence acquisition and handling, experience with conducting digital investigations and incident responses and experience in managing insider threats and cyber and data exfiltration incidences
• Support the delivery of the 3 year Cyber security roadmap to maintain and optimize the Advanced
• Cyber Security & Emerging technologies / controls capability
• Lead the enhancement and optimization of implemented reporting mechanisms to demonstrate the value of the Advanced Cyber Security & Emerging technologies / controls function with tangible benefits
• Follow information security policies, methods, standards, National Institutes of Standard and Technology (NIST) standards and practices to organizational information systems, IT reference materials and interpret regulations
• Help coordinate the implementation of security programs across all agency platforms
• Assist with Active Directory access and Group Policies, Internet intrusion detection, Internet filtering, and monitoring of employee access, virtual private networking (LAN/WAN) security
• Assist and participate with the Senior IT Specialist as an advisor in projects to enhance or develop new IT systems, or to study the feasibility of acquiring new technology
• Strategy:
• Understand information security domain of Network, Application, Infrastructure, and Database
• Document and communicate security architecture to the GM, Enterprise Security Architecture team and the Chief Information Security Officer respectively.

Knowledge and Experience

• A Degree or its equivalent in Information Technology, Network Security, Enterprise Network Management, Information Security, Management Information System Computing, Engineering or similar area of study
• Minimum 10+ years of increasingly diverse and complex experience in field of Cybersecurity within a global environment, with at least a minimum of 5+ years in security architecture and network, and infrastructure security
• Network Security Architecture – Deep technical understanding of designing and securing of both WAN and LAN environments including SD WAN, MPLS, VPN, Segmentation, Micro-Segmentation,
• Factory Segmentation, Routing and Switching. Routing and Switching design, deployment and Operations
• Professional certifications such as TOGAF, SABSA or IAF architecture frameworks. CEH, CISA, CCISO, CISSP, GIAC, ISO 27001 LA/LI or specific security product certifications are an asset
• Cloud Security –Technical understanding of virtualization, cloud infrastructure, and public cloud offerings. Experience designing network security configuration and controls within cloud-based solutions in Microsoft Azure and Azure PAAS service
• Experience designing, implementing, deploying and operating vulnerability scanning infrastructure and services
• Experience selecting, testing, and supporting Endpoint Detection and Response technologies
• Experience with the integration of common infrastructure security technologies and solutions into business solution architectures including the integration of identity & access management, intrusion detection and prevention, security monitoring, and data encryption solutions
• Excellent verbal/written communication, collaboration, analytical and presentations
• Ability to carry high-level conversations; proven ability to present to senior leadership
• Experience designing and implementing secure architecture and reference architectures; from business requirements gathering to technology rollout oversight, including capacity management, definition of scoring methodologies for technology selection, integration of multiple tools and reporting functionalities, technical documentation
• Experience and in depth understanding of the latest security principles, application security architecture, security technologies, techniques, standards and protocols.
• Hands on experience in deploying security technologies such as Next Generation Firewalls, Intrusion Prevention, anti-malware/anti-virus, endpoint security technologies, SIEM, authentication systems, log collection / management, content filtering, Wireless Access controls, Citrix NetScaler, VDI technologies, Network Access Control, identity management technologies, cloud security technologies, data encryption technologies, virtualization security, mobile application security
• Excellent understanding of Identity and Access Management design and process
• Excellent understanding of directory services
• Experience of identifying and managing technology security risk