Cybersecurity+ TPRM


Melbourne, Victoria, Australia | Tech Aalto | Full time | $120,000 - $180,000 per year

Job Title: Security Architect

Location: Melbourne / Sydney, Australia

Work Type: Full-time

About the Role:

We are seeking a highly skilled Security Architect to join our team and play a key role in designing, implementing, and reviewing enterprise security solutions. The ideal candidate will have a strong technical foundation in cybersecurity architecture, extensive experience in assessing third-party risks, and the ability to provide strategic guidance across business and IT functions to strengthen the overall security posture.

Key Responsibilities:
- Develop and maintain enterprise security architecture frameworks, standards, and roadmaps aligned with organizational goals.
- Conduct Security Architecture Reviews for internal systems, applications, and partner/third-party integrations.
- Evaluate proposed technology solutions to ensure compliance with security requirements and policies.
- Perform third-party and partner risk assessments, evaluating vendor controls and identifying potential vulnerabilities.
- Provide subject matter expertise on third-party risk to stakeholders across business and IT, recommending practical and effective risk mitigation strategies.
- Collaborate with cross-functional teams (IT, Risk, Legal, Procurement) to ensure end-to-end security throughout the vendor lifecycle.
- Lead threat modeling and security design sessions for new initiatives, ensuring security best practices are embedded early.
- Identify gaps in existing security controls and provide actionable recommendations for improvement.
- Support compliance with regulatory frameworks and standards such as ISO 27001, NIST, and Essential Eight.
- Partner with incident response and governance teams to ensure architectural designs support resilience and rapid recovery.

Required Skills & Experience:
- Bachelor's or Master's degree in Information Security, Computer Science, or a related discipline.
- 8+ years of experience in information security, with at least 4 years in a Security Architecture or equivalent senior technical role.
- Proven experience conducting third-party/vendor risk assessments and security architecture reviews.
- In-depth knowledge of security frameworks such as SABSA, TOGAF, NIST CSF, and ISO 27001.
- Strong understanding of cloud security architecture (AWS, Azure, or GCP).
- Ability to translate complex technical risks into business impact and actionable strategies.
- Excellent communication and stakeholder engagement skills across business and IT teams.
- Relevant certifications preferred: CISSP, CISM, SABSA, CCSP, or AWS/Azure Security Specialty.

Nice to Have:
- Experience with regulatory compliance requirements (APRA CPS 234, GDPR, SOC2).
- Familiarity with DevSecOps and secure software development lifecycle (SSDLC).
- Knowledge of identity and access management, network segmentation, and data protection strategies.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the Tech Aalto Privacy Policy, a copy of which is published at Tech Aalto's website.

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.