Enterprise Security Strategy

**Company Description** For a winning team that is evolving.** Forward with Cuscal.

At Cuscal, you’ll find a strong, successful company that’s reimagining the future. And our team is right there at the heart of it all. Here, you’ll deliver or support interesting, ground-breaking projects that have real impact - on Australia’s financial services sector and the millions of customers it serves. You’ll innovate alongside skilled, smart, connected teams. And you’ll build an impressive, fulfilling career that continues to grow. As the largest independent payment solution providers, we’ve set the standard for over 50 years. Now, we’re preparing to pioneer the next 50.
**Job Description** We are looking for an Enterprise Security Strategy Architect to join our evolving IT Security team in a pivotal role, responsible for defining and executing a unified cybersecurity strategy**

**What is this role about?**

As the Enterprise Security Strategy Architect, you will ensure that security is embedded into enterprise-wide initiatives by defining secure architecture patterns, performing threat modelling and providing strategic business consulting. This role is critical in enabling agile, and scalable security practices that support innovation and minimise risk across Cuscal.

Here’s some more insight into what you’ll work on,

**Security Strategy & Alignment**:

- Lead the development and maintaining the Cuscal’s enterprise security strategy, ensuring alignment with business objectives and regulatory requirements.
- Provide strategic direction for security investments and ensure that security architecture is integrated into the Cuscal’s overall technology landscape.
- Define and maintain the security architecture strategy & roadmap, ensuring that it evolves with emerging threats, technologies, and business needs.

**Security Architecture and Pattern**:

- Establish security reference architectures to guide the development of secure solutions that support agility and scalability across all projects and initiatives.
- Collaborate with enterprise architects and cross-functional business to ensure security considerations are integrated into enterprise wide architectures.

**Threat Modelling and Risk Assessment**:

- Lead and facilitate threat modelling exercises across projects and business functions to identify and mitigate potential security risks.
- Collaborate with technical teams to perform security assessments and ensure that all new and existing systems adhere to the Cuscal’s security standards.
- Drive proactive threat modelling as a part of the software development lifecycle (SDLC), integrating it into agile and DevOps environments

**Business Consulting and Stakeholder Engagement**:

- Foster a culture of security by design, working with product owners and development teams to embed security early in the development process.
- Deliver clear and actionable security guidance that enables the rapid and secure delivery of business solutions in an agile environment.
- Provide thought leadership and guidance to security, IT, and business teams on security design patterns and architectural decisions.

**Qualifications** What can you bring?**
- 10+ years of experience in cybersecurity, with at least 5 years focused on security architecture and strategy.
- In-depth knowledge of enterprise security frameworks, such as SABSA, TOGAF, and NIST.
- Extensive experience in designing and implementing security architectures across complex IT environments, including cloud, hybrid, and on-premises solutions.
- Strong understanding of security technologies, including IAM, PAM, encryption, network security, cloud security, and security operations.
- Be able to navigate the challenges of a varied role in a dynamic organisation.
- Ability to identify tasks and activities required to meet project requirements and to set goals and priorities in line with business objective.
- Although not required, any experience in the following would be highly regarded: _
- Payment’s industry, ATM/EFT/POS technology, cards and finance or other regulated industries and/or 24x7 mission-critical environments.
- Knowledge of security frameworks and standards such as ISO 27001, CPS234, ASD Essential 8 etc.
- Understanding of legal, regulatory, privacy and security matters associated with the Banking and Finance Industry.