ING Belgium SA/NV
Information Technology Services
Security Architect - Competent
August 2018 ORGANISATION
Reports to the Chapter lead, who in turn reports to the Chief Architect. PURPOSE
To define and maintain the end-to-end architecture for a security domain, perform architecture design for epics and features of a security domain, with attention to non-functional requirements, optimal integration with other domains and platforms and a good balance between cost and quality, and to advise on implementation planning and provide guidance to integrator and engineers on execution according to architectural design. MAIN ACTIVITIES
Independently performs architecture activities for incremental changes (maintaining and extending existing solutions) and innovative changes (conceiving new solutions for emerging opportunities) for a security domain
- Contribution to business value
Designs, advises and presents (target) architectures and roadmaps, and provides architecture guidance and validations.
Assists in definition of (global) architecture standards.
Manages stakeholders up to senior management level within a domain for the scope of a tribe or program.
Masters engineering skills.
Has substantial content and architecture knowledge of one or more domains or platforms (technologies, applications, business processes).
Masters full set of architecture skills.
Is go-to person for Engineers, Product Owners, Architects and Management for architecture advise and execution validation.
Independently creates easy to read and structured documents and visualisations.
Is able to coach more junior colleagues.
Works mainly independently, sometimes under limited guidance. Seeks mentoring of more senior colleagues.
- Strategic Supplier Management
Maintains (strategic) supplier relationships with one or more suppliers in his/her own domain.
Contributes to the development of ING requirements for package solutions.
- Risk, Securi ty and Reliability
Thoroughly understands the Security requirements for a set of involved domains. Ensures and increases security of the involved domains. Understands Security controls and Risk policies and the link to business value. Translates Risk policies to architectural guidelines.
Able to define and maintain the end-to-end architecture for a security domain and perform architecture design for epics and features of a security domain. CRITERIA Area of responsibilities
- Organizes and takes active part in the definition and maintenance of a Security Domain Architecture (end-to-end chains), ensuring it is scalable, adaptive to change, with sufficient demarcation and decoupling points to other domains.
- Organizes and takes active part in the breakdown of desired (business) themes for the domain into epics and features, that can be further refined into implementable stories.
- Defines architecture (IT) epics and features to further improve the quality of the domain.
- Organizes and takes active part in the definition and maintenance of a realistic and ambitious Implementation Roadmap for the domain, also taking non-functional requirements into account.
- Organizes and takes active part in the integration of security services and platforms across a set of involved domain, optimizing functional and non-functional requirements and reducing complexity and technical debt.
- Takes active part in the activities of mandated Product Owner of all (application) interfaces from his domain, including everything required in the IT chain that fulfils the functional, non-functional, Risk and Security requirements of these interfaces.
- Organizes and takes active part in the designs, alignment, maturing and realization of all (application) interfaces of his domain, including the required IT chain.
- Organizes and takes active part, together with the Engineering discipline, in documenting design patterns and practical implementation guidelines in Cookbooks that provides guidance to Engineers, Product Owners, chapter leads, managers and teams/squads for the domain.
- Defines Quarterly Business Review (QBR) items and advises on sign off of quarterly plans and/or Change Governance Documents;
- Organizes and takes active part in the validation process ensuring that the architecture is implemented according to plan, minimizing technical/tactical debt. Escalates to management if necessary.
Possible consequences of erroneous decisions and/or erroneously carried out:
Knowledge and Complexity / problem solving
- Considerable impact on the company's activities, services to customers: architecture decisions have impact on the entire domain.
- Substantial damage to corporate image: wrong architecture decisions result in malfunctioning business processes and customer services within his domain.
- Significant cost increase: malfunctioning processes require costly corrective actions, and eventually the replacement of substantial parts of solutions in the domain.
Communication and Consultation
- Has significant knowledge of multiple environments (domains, platforms, products, architectures, technologies, ...).
- Actively solves difficult problems, making a thorough analysis, sorting information by relevance, thinking in future-oriented terms, showing medium-term perseverance without becoming dogmatic or rigid, taking increasing responsibility for actively making decisions on the basis of limited information, adapting his approach while purposely searching for alternative routes,
- Master level or equivalent by experience.
- 3- 5 years of relevant work experience.
- Good written and spoken knowledge of English.
- Regular mentoring by senior architects;
- Daily contacts with IT teams (Engineers) for the resolution of complex incidents, information exchange, advice and validation of changes;
- Regular contacts with internal stakeholders (engineers, product owners), with a view to exchanging information;
- Regular contacts with managers (IT Area Leads) and representatives of IT and business departments with a view to advising, persuading.
- Is a member of the architects' community;
- Regular contacts with external suppliers or partners to exchange information about solving architectural problems, modifying or updating the architecture, to discuss the requirements and quality attributes for the architecture.