Big Picture Medical is a fast-growing, Australian tech business operating on the global stage with offices in Sydney and London. We are looking for an experienced Cyber Security lead who will work closely with our product, AI research, design, and development teams to build and deliver cutting-edge applications to completely change the delivery of healthcare for everyone on the planet.
This is an incredibly exciting time to join the business and get involved with advanced and innovative product builds.
As a Security Architect you will…
Be responsible for cyber security across our cloud business platform, product development stack, and lifecycle activities. You’ll design and implement security structures to thwart intrusions then test and audit the cyber security landscape ongoing. You’ll ensure our maturity and compliance with Essential 8 (ASD) and take us through the ISO 27001 Stage 1 and 2 certification process. Your ultimate goal is to provide actionable risk management across our critical infrastructure, protect our rapidly scaling business and build a culture of cyber awareness and resilience.
You may recommend appointing a Managed Security Services provider. With regard to our product development lifecycle, you’ll inject security practices into our DevOps pipeline, so that we incorporate security into all stages of the software design and development workflow (DevSecOps).
Based in Sydney. You will report to the Lead Architect and collaborate intensely with our cloud platform,
product management, data management and stakeholder experience teams.
Review current systems security measures, develop strategies and a security roadmap (inclusive of the Essential 8), implement enhancements - including if deemed necessary bringing on a managed security services partner
Conduct regular system tests and ensure continuous monitoring of network security
Promote cyber security awareness and help build a culture of resilient behaviours and mindsets across the eco-system
Establish disaster recovery procedures and conduct training and drills
Promptly respond to all security incidents and provide thorough post-event analyses
Implement and manage DevSecOps to ensure our product and features roadmap is secure by design
Lead ISO 27001 certification, such that as the business scales, the risks are demonstrably managed.
Ideal Candidate :
Personal Style - You’re perceptive, empathetic, and self-aware and this makes you persuasive and also pragmatic in achieving outcomes
Communication – you interact with numerous internal and external groups and work closely with enterprise, solution, and data architects and engineers. You also work day to day with software engineering and product teams to embed effective DevSecOps. So you must have fluency with the language of these groups and be able to communicate and coach at the business and conceptual level as well as the detailed technical level
You have mastered the application of DevSecOps Design patterns, principles, and practices to achieve DevSecOps maturity on the cloud
You have a deep understanding of how new technologies and advanced architecture paradigms impact and transform the IT security landscape
You have a good working knowledge of related technologies/concepts, including cloud platforms, operating systems (Linux ideally) networking, programming, and scripting languages
A degree in Information Technology, Computer Science or related field is expected
You may have additional advanced security qualifications such as SABSA
(Sherwood Applied Business Security Architecture) or CISSP (Certified Information
Systems Security Professional) certifications
You should have a DevSecOps certification to validate skills for designing,
assessing and securing services and solutions on the cloud
5 yrs+ experience in information security and/or IT risk management, including implementing
o DevSecOps functions
o Security solutions
o Multi-factor authentication, single sign-on, identity management or related technologies
o Implemention of ISO 27001 and /or NIST/COBIT frameworks
Demonstrated ability to interact with a broad cross-section of stakeholders to explain and enforce security measures