Technical Security Architect, Digital Square
Deadline of this Job:
26 May 2022
Within Tanzania , Dar es Salaam , East Africa
Date Posted: Monday, May 09, 2022 , Base Salary: Not Disclosed
PATH is currently recruiting for a Technical Security Architect for its Digital Square team. The Technical Security Architect will be responsible for the strategic direction, technical excellence, and implementation of security across several projects. This position will support PATH’s CoDE team, including all its partners and implementers to ensure that best practices around Data Privacy & Security, Information Security (infosec), Development-Security-Operations (DevSecOps) and Cyber Security (cybersec) are well-established, shared and applied within its internal operations as well as across all its projects and external activities. S/he will work closely with the CoDE and Digital Square teams to ensure adaptability of the policies, processes and guidelines as well as their implementation and compliance. S/he will also provide subject matter expertise on Data Privacy & Security, Infosec, DevSecOps and Cybersec across the organization’s programs, projects and country offices. This position will report to the CoDE Technical Director with a dotted line to the Managing Director of Digital Square.
• In collaboration with CoDE leadership, develop the security strategy with regards to data, information and digital information systems and cyber security.
• Lead in the development of policies, processes and guidelines on Data Privacy & Security, InfoSec, DevSecOps and CyberSec for all digital and information systems projects across the center and its initiatives and projects.
• In collaboration with the CoDE global technical team, TAP, LL and D4A teams, ensure that proposed and existing systems’ code and architecture are in compliance with current policies.
• Provide technical input and support to data and information systems during the design phase as well as for security assessments and audits (code, application, infrastructure) across implementation, project and software development life cycles.
• Provide technical and capacity building support and contribute to the socialization of security best practices with implementing partners, communities, and other stakeholders.
• Revisit and strengthen strategy, policies, processes and guidelines on a regular basis to address new threats or systems added or relevant industry best practices.
• In collaboration with the partners, provide advice and assist in the detection and resolution of any security incidents or detected Common Vulnerabilities or Exposures (CVEs).
• In collaboration with consortia of partners:
• provide recommendations to host country governments, donors, and other stakeholders, on tools to use and/or implement for the various needs identified in alignment with the recommended security strategy and policies, e.g.:
• Intrusion detection system (IDS)
• Intrusion prevention system (IPS)
• Data Loss prevention (DLP)
• Static/Dynamic/Interactive Application Security Testing (SAST/ DAST/ IAST)
• Software composition Analysis (SCA)
• Penetration testing (PEN)
• Anti-distributed denial of service (DDoS)
• In collaboration with the digital health Global Goods technical team and upon request, review source code and architecture of the Global Goods and perform security assessments and audits.
• Create guidance documents, toolkits, and/or webinars to support teams in conducting data security audits for countries, projects, and donor driven initiatives.
• Model a data security audit and lead development of the implementation process for these as required.
• Advanced degree in data, information systems, cyber security health informatics or other related field.
• At least 7 years of progressive experience as a security architect in a multi-national organization, preferably non-for-profit.
• Demonstrated experience in developing best practice on systems security documents including guidelines, standard operating procedures, and security assessment reports.
• 3-5 years of experience as a security engineer or analyst implementing security tools, performing assessments and audits of integrated information systems, including locally hosted, hybrid or cloud-based systems and managing incidents (including fixing issues, applying patches, tracking incidents, preparing reports, etc.).
• Demonstrated experience designing, and implementing security strategy, policies, processes, and guidelines.
• Experience with security-by-design principles applied to software development across the project and software lifecycle.
• Ability and willingness to travel 20% of the time within the region and be available for international travel to participate in global and regional conferences and meetings as requested.
• Preferred skills and experience:
• Previous engagement with senior level stakeholders such as donors and senior government staff (especially in the health domain) to discuss data security strategies, tools and approaches.
• Previous experience in working with and in open-source communities and providing security guidance.
• Certified CSSA or CISSP-ISSAP.
• Knowledge of public health, social sciences, epidemiology, pediatric health, international development desired.
Work Hours: 8
Experience in Months: 84
Level of Education: Bachelor Degree
Job application procedure
To apply follow this link https://path.silkroad.com/epostings/index.cfm?fuseaction=app.jobinfo&jobid=305766&company_id=15780&version=1&source=ONLINE&JobOwner=1012611&startflag=1