Security Architect

ERGO Technology & Services S.A.

plac Trzech Krzyży 10/14

Śródmieście

Warszawa

Technologies we use

Expected

  • AWS

  • Azure

  • GCP

  • Windows Server

  • Linux

  • CI/CD

  • K8S

Your responsibilities

  • Assume complete responsibility for translating security requirements into a service portfolio that will help to establish the scope of the security architecture function

  • Contribute to the development and implementation of the security architecture process within the process portfolio, ensuring effective and efficient collaboration and enforcement of security architecture principles

  • Support analysis and assessment of the current technological landscapes, discovering gaps and deficiencies and recommending design or implementation improvements

  • Facilitate evaluation, modification and selection of core, common and distinct security solutions with emphasis on standardization of architecture ecosystem across ERGO group

  • Cooperate with Global IT Security and IT, translating information security policies into a technical security control framework and security architectural blueprints, communicating these to the projects and stakeholders

  • Participate in definition, prototyping and continuous development of ERGO IT security reference architecture, methodology, models and security controls; aligning requirements from the architecture teams, technology teams and Global IT Security colleagues

  • Support and/or consult implementation of security architecture, and align with IT Architecture functions (enterprise, solution) in other domains

  • Cooperate with other security units and develop security standards, schedule improvements based on IT strategy, project feedback and other sources

  • Manage stakeholder relationship working closely with business stakeholders, domain leaders, process owners and third-party suppliers

  • Ensure that projects and solutions incorporate secure-by-design principles and that IT security is embedded at early stages of the development process

  • Challenge the status-quo, service landscapes and security solutions in order to improve the adherence with security principles as well as policies and standards

  • Evaluate and analyze emerging IT and security technologies and market trends, as well as their potential impact on ERGO

  • Review existing architectures in the projects and assess the security maturity and compliance levels, with the goal of jointly identifying potential short- and long-term improvements

Our requirements

  • Minimum 5 years of technology and IT experience in enterprise environment, ideally with a specialization in information security topics, either in software and/or infrastructure development

  • Minimum 2 years of professional experience as an IT and/or information security architect and/or consultant

  • Degree in Computer Science, Information Security, or relevant experience

  • Proven knowledge of international security standards and methodologies as well as additional qualification (CISSP, CISA, CISM, SABSA, TOGAF or equivalent)

  • Understanding business process context

  • Hands-on experience and superior technical knowledge in at least two of the following technologies: Windows, Linux/Unix, Networking, Databases, Middleware, CI/CD, Containerization/K8S, Public cloud (AWS, Azure, GCP)

  • Ability to translate business requirements into technical solutions

  • Presentation skills including ability to present and explain complex cybersecurity solutions to non-technical audience (including C-level management)

  • Good analytical and conceptual skills

  • Ability to build authority and form strong relationships

  • Ability to deal with ambiguity while working in a continually changing environment under indirect supervision

  • High decision-making and prioritization skills

  • High cultural awareness and working experience in a complex and multicultural environment

  • Excellent experience in security solution evaluation (e.g. Proof of Concept) and recommendation

  • Knowledge of microservices-based and distributed systems architecture

  • Fluent English (at least C1 equivalent)

Optional

  • Experience in IT environment of financial services companies and the technologies used there

  • Background in any modern programming language, compiled (such as Java, C++) or used for scripting (such as Python, Bash)

  • ISO27001/27002/27005, CISSP, ISSAP, CISA, CISM, TOGAF and COBIT certifications

  • Good knowledge of authentication and authorization procedures and protocols (OAuth, OpenID Connect, SAML, WebAuthn, CTAP)

  • Knowledge of security frameworks (offensive/defensive) such as MITRE ATT&CK, Cyber Kill Chain/Unified Kill Chain, SABSA, CIS, OWASP

  • Web Application Security (Java/JavaScript, HTTP/2, ASP.NET, Nginx, IIS, WAF, DDoS, CDNs)

  • Practical knowledge of Zero-Trust architecture

  • Modern encryption and key management methods for both in-transit and at-rest data protection

  • Threat modeling and technical risk assessment (STRIDE method or comparable standards)

  • Community contributions (open source work, publishing/speaking on technical and security ideas)

  • Knowledge of ITIL service management

This is how we work

  • in house

Benefits

  • sharing the costs of sports activities

  • private medical care

  • sharing the costs of foreign language classes

  • sharing the costs of professional training & courses

  • remote work opportunities

  • flexible working time

  • integration events

  • corporate gym

  • no dress code

  • video games at work

  • leisure zone

ERGO Technology & Services S.A.

ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging the strengths and best practices of both companies.

ET&S S.A. belongs to the ET&SM technology holding of ERGO Group AG, supporting millions of internal customers with state-of-the-art IT solutions to everyday problems. We are dedicated to bringing digital innovations to every aspect of the landscape of insurance. Discover how we are implementing AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions and much more to accommodate our customers’ future needs around the globe. See how you can be a part of the digital revolution and apply to join us today!

About the role

We are looking for an IT Security Architect who will join the Global IT Security Architecture Team and will be accountable for planning, designing and communicating the security architecture roadmap and strategy, ensuring that solution designs are aligned with the target architecture landscapes, meeting both business and technology requirements.

You will be responsible for representing IT Security Architecture, designing architecture solutions aligned with ERGO Group strategy, and delivering assessments and advisory for a global and complex security program portfolio, which includes cloud migration initiatives, ensuring that designed solutions successfully meet the regulatory compliance of major international companies in the insurance sector.

Within different ERGO Group projects, you will act as a key person responsible for the coordination of the cybersecurity area, including demanded security analysis, security controls implementation (e.g. audit traces, communication security, access control model, data processing validation) and security self-assessment. You will cooperate with members of the IT Architecture Team as well as our developers, designers and software engineers on all relevant security topics.
