The Security Architect translates the CISO’s strategic vision into robust, compliant technical solutions across IT, OT, cloud, and network environments. The role ensures end-to-end consistency with NIS2, GDPR, ISO 27001, IEC 62443 and related frameworks, using ArchiMate modeling and functional frameworks (e.g., CyFun, ISO 27001) to drive traceability, governance, resilience, and business continuity.
Design and evolve the target security architecture, embedding Security by Design and Privacy by Design from early project phases.
Define architecture standards, models, and principles aligned to strategic directions.
Integrate key domains (network, cloud, IT/OT/IoT, ICAM, data, cryptography) into a coherent, modular vision.
Lead/contribute to security intake and architecture committees to maintain alignment with the target architecture.
Perform technical and architectural risk assessments on projects, infrastructures, applications, and industrial systems; recommend mitigations and maintain a consolidated risk view (including SAP, AI use, access management, inter-application flows).
Contribute to drafting/updating technical security standards and ensure alignment with legal and reference frameworks (CyFun, ISO 27001, IEC 62443, NIST, NIS2, GDPR).
Support project, IT/OT, and business teams with security requirements, solution analysis, and RFI/RFP processes.
Ensure alignment of critical components (ICAM, detection/response, cryptography) with security objectives and the IT roadmap.
Monitor threats, technologies, and regulations; drive continuous improvements in detection/response, logging, resilience, and identity management; promote modeling and reusability.
Coordinate with competent authorities when required.
Bachelor’s degree in Cybersecurity, Computer Science, or related field.
5+ years in a similar role within complex hybrid environments (IT, OT, IoT, Cloud, ERP).
Strong knowledge of regulations/standards/frameworks: CyFun, ISO 27001, NIST, IEC 62443, NIS2, GDPR, CIS Controls.
Ability to develop and maintain security processes, policies, and standards aligned with business and regulatory needs.
Broad technical expertise in several of the following:
Network architecture, segmentation, Zero Trust, and Cloud Security
Secure SAP integration
ICAM (IAM, IGA, PAM, federation, provisioning, physical/logical access)
Cryptography (PKI, key management, strong authentication)
XDR, SIEM, monitoring, and auditing
Secure use of AI and generative models
Proficiency with architecture modeling tools/languages (ArchiMate)
Excellent communication and synthesis skills; structured, critical, solution-oriented mindset; autonomy and rigor; strong sense of priorities and change management skills; ability to interact with technical, business, and executive stakeholders.
Master’s degree in a relevant field.
CISSP certification (strongly preferred).
Demonstrated experience with Zero Trust, IT/OT convergence, SAP integration, and cloud security patterns at scale.
Hands-on practice with architecture committees/intake processes and maintaining traceability of architectural decisions.
Other valued certifications: CISM, CISA, ISO 27001 Lead Implementer, SABSA, or equivalent.
Experience coordinating with competent authorities and contributing to security governance committees.
Advanced exposure to industrial security (IEC 62443), AI security, and cryptographic architecture patterns beyond PKI (e.g., HSM, key rotation strategies).