Senior Associate, Security Architect (12-Months Contract)

Build the future with QTC

Join an organisation that has been recognised as ‘one of Australia’s best places to work’, winning multiple Employer of Choice awards in recent years for professional development, employee benefits and culture.

QTC is the central financing authority for the Queensland Government and provides financial resources and services for the State. We manage the State’s funding program in the global capital markets to deliver sustainable and cost-effective borrowings for the Queensland Government, local governments, and other related entities (our clients). 

With a statutory role to advance the financial interests and development of the State, we help to deliver innovative, long-term solutions that contribute to the growth of Queensland’s economy. We protect Queensland’s financial interests and deliver better financial outcomes by centralising the management of our clients’ borrowings, cash investments, and foreign exchange. 

Purpose of Role

The Security Architect will be pivotal in collaborating with the Project Management Office (PMO) to advise on and implement best practices in technology solutions. This role is essential in assessing the current technology architecture and working closely with the PMO and other stakeholders to suggest solutions that align with business goals. The Security Architect is a primary source of expertise for the security implications of technological alterations. They will be tasked with guiding the PMO and updating architectural artifacts to ensure the highest standards of Security Architecture design and implementation are maintained.

Responsibilities & Accountabilities

The key areas of responsibility and accountability include:

Governance

• Assist in maintaining QTC’s Technical Design Principles in line with QTC’s technology strategies, business requirements and the evolution of services in the market.
• Develop and maintain Security Architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.

Strategy and Planning

• Support the Technology, Data and Information team in the creation of Technology and Cyber Security Strategies and Roadmaps to ensure QTC’s technology landscape continues to evolve in line with the market, and the evolving cyber threat landscape is managed.
• Enabling and supporting QTC in developing a mature design culture through collaboration with key business stakeholders.
• Working in collaboration with the business to undertake planning to realise future technology benefits and to ensure existing technology has maximum uptake.
• Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts.

Maintenance and Hygiene

• Have oversight of QTC’s technology and security landscape, its strengths, weaknesses and suggest opportunities for improvements. 
• Assist in the development and ongoing maintenance of technical architectural artefacts including information and system architecture.
• Assist in reviewing and maintaining technical design and as-built documentation to ensure it accurately reflects the current state.
• Support the testing and validation of internal security controls, as directed by information security manager / Architect lead or the internal audit team.
• Assess provider’s security certifications (SOC, ISO) for security related deficiencies and report any finding as required.

Design

• Be a key point of reference for cross-system / solution impact of technology changes. This includes providing input into Business Cases and Change Requests, and working with the PMO to ensure all security aspects are considered through the change process.
• Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable.
•  Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and antimalware/endpoint protection systems.
• Conduct or facilitate threat modelling of services and applications that tie to the risk and data associated with the service or application
• Coordinates with DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices.
•  Coordinate with the Information Manager to document data flows of sensitive information in QTC (e.g., PII) and recommend controls to ensure that this data is adequately secured (e.g., encryption and tokenisation)
• Reviews network segmentation to ensure least privilege for network access
• Support the Security team with reviewing security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
• Evaluate the statements of work (SOWs) for these providers to ensure that adequate security protections are in place.

Competencies

Technical Competencies

• Proven collaboration and project management skills, particularly in the Information Technology and Data space, including a broad knowledge of best practice standards
• The candidate is expected to have significant experience in a previous role providing cyber Security Architecture.
• Deep knowledge and experience with Security Architecture for Azure IaaS and PaaS solutions, including Azure Governance, Security, Identity, Monitoring, and Automation.
• Extensive experience in the application of ICT risk assessment and management processes for complex business environments and supporting ICT infrastructure.
• Experience with ICT vendor service management, SaaS/PaaS/IaaS services, enterprise content management systems, electronic document management systems.

Behavioural Competencies

• Integrity, including upholding strong professional and ethical standards.
• Willingness to accept responsibility and accountability
• A passion for technology, data and innovation, and a forward-thinking approach
• Discretion, maintaining confidentiality, and recognising and respecting sensitivities
• Result-driven individual with an innate ability to remain calm and composed during times of uncertainty and stress

Leadership & Management Competencies

• Demonstrate personal drive, integrity and commitment to achieve results
• Provides technical leadership 
• Mentors and coaches project team members and change proponents 

Qualifications

Essential

• Requires Tertiary qualification in Information Technology, Computer Science or Computer Engineering or equivalent experience.

Desirable

• Certifications in Azure Architecture highly desired (AZ-305)
• Industry certifications such as TOGAF, CISSP, CCSP, SC-100 and AZ-500
• Experience with the Microsoft Power Platform and Microsoft Dynamics will be well highly regarded

Experience

Essential

• Minimum of 5 years’ experience architecting solutions across complex applications and infrastructure environments including the Microsoft Technology stack. 
• Proven experience in the application of technology solutions to business problems in financial organisations. 
• Demonstrated knowledge of solution design and architecture skills.
• Strong knowledge and understanding of industry trends and technology. 
• Experience in contributing to the development and implementation of new technology systems, processes, and practices
• Experience in reporting and presenting complex technical information to various internal stakeholders.
• Experience in being responsive, adaptive, and agile to changes in direction and approach.
• Technical and architectural expertise in many ICT areas – key areas of interest include zero trust, identity and access management, encryption, network security and secure cloud computing.
• A wide knowledge base over many cyber security disciplines, to engage with in-depth technical resources and gain subject matter expert-specific insights.

Desirable

• Recent experience in assisting with the implementation of Microsoft Azure services, including understanding cost impact in design, would be beneficial.

Why will QTC be the best work of your career?

Work

We do work that improves Queensland for generations. We are a leader in finance, creating meaningful solutions with profound outcomes. We set the standard in financial solutions. We address the challenges of today, with results for tomorrow. 

People

We are an inspired team of solution creators. We believe that curiosity is the ultimate problem solver. That the best teams are united by trust, not divided by ego. And that diversity sets us apart. 

Culture

We recognise that developing our people leads to their success, that energised teams create brighter outcomes and that with the freedom to challenge, we can strive for better together. 

Benefits 

We are dedicated to investing in your future. We understand that an energised mind is cultivated by time and investment, that developing future leaders requires commitment and that your best work starts with your best self. Benefit from a best-in-class professional development program, flexible work, leadership programs, study support, paid-parental leave, salary packaging and a corporate wellbeing program (including discounts for you and your family to a range of fitness facilities close to home or work).