Senior Cyber Security Architect

Tēnei tūranga – About the role

Reporting to the Cyber Security Portfolio Manager or Head of Cyber Security Advisory, this role is a specialist position within the security architecture and information security domains for the Ministry.

The Senior Cyber Security Architect is responsible for input into the development and operation of the current and future security architectures for the Ministry’s ICT solutions whilst ensuring optimal alignment with the Ministry’s strategic direction and business needs, and government and industry standards.

The Senior Cyber Security Architect becomes involved with solutions at the time of inception and then remain involved throughout the lifecycle of a project to ensure solutions contribute to and deliver on MBIE's strategic direction. The Senior Cyber Security Architect conducts retrospective security assessments and assesses the security/assurance of a solution over its product lifecycle and develops continuous assurance processes for MBIE systems.

A key part of the role is to undertake security Certification activities of projects and systems assigned.

The Senior Cyber Security Architect is responsible for providing Security SME to project teams and business stakeholders of a solution for:

• New projects.
• Modifications to existing services; or ad-hoc advice on BAU activities.
• The creation of ICT security policies, standards, guidelines, strategies and roadmaps.
• Under-taking security Certification activities for projects and solutions including performing the upfront risk analysis.
• Translating security risks, issues and remediations to different stakeholders – including project teams, product managers, business owners and Deputy Secretary’s at MBIE.

The Senior Cyber Security Architect is responsible for ensuring quality and consistency of advice and practices in relation to their contribution to the team’s work.

The Senior Cyber Security Architect will:

• Provide specialist consultancy services to MBIE across the range of cyber security disciplines.
• Conduct ICT security risk assessments across current and future ICT solutions.
• Define and implement effective risk strategies.
• Provide Security SME advice to project teams and business stakeholders on new projects or existing solutions; modifications to existing services; or ad-hoc advice on BAU activities.
• Contribute to the Security Architecture Framework (SAF) including the creation of ICT security policies, standards, guidelines, strategies and roadmaps.
• Contribute to security Certification of projects including performing the upfront risk analysis.
• Contribute to the development and maintenance of the MBIE’s current and future security architectures for its ICT solutions.
• Ensure solutions are optimally aligned with the Ministry’s strategic direction and business needs, and government and industry cyber security standards.
• Guide solutions from inception to delivery including the undertaking security Certification of projects including performing the upfront risk analysis.

Ngā herenga – Requirements of the role

Personal specifications

To be effective in the role, the Senior Cyber Security Architect should have:

• In-depth knowledge and 10+ years’ experience and broad knowledge of ICT security technology.
• Proven experience in the development and implementation of ICT security strategies and architecture in a large organisation
• An in-depth understanding of cyber security and NZISM.
• Proven expertise in the design and specification of security solutions.
• Ability to interact successfully at various levels of a government organisation.
• Ability to quickly establish and build strong working relationships and develop trust and credibility with managers, staff, vendors and other stakeholders.
• Demonstrate strong inter-personal and relationship skills, with clear evidence of facilitation capability.
• Ability to lead others to get the best outcomes where direct reporting relationships do not exist.
• Proven leadership skills including demonstrated ability to influence and motivate others in achievement of ICT goals.
• Excellent communication skills – both verbal and written.
• Practical experience in making sense out of complexity.
• Broad knowledge of ICT environments, business practice and systems.

Qualifications

• A relevant tertiary qualification or equivalent knowledge, skills, and experience.
• Security architect practitioner certification, or equivalent.
• Knowledge and understanding of NZISM.
• CISM or similar would be a distinct advantage.
• Must have the legal right to live and work in New Zealand.
• Must be able to obtain and maintain a Secret or higher-level security clearance.

Takohanga tuhinga o mua – Key accountabilities and deliverables

Security Certification for assigned projects and solutions

• Security architectures for the Ministry’s ICT solutions aligned with the Ministry’s strategic direction and business needs, and government and industry standards.
• Responsible for the development of appropriate cyber security architecture for all of MBIE.
• Provides technical leadership to the wider security branch to ensure that architecture is fit for purpose and adaptable for the future.
• Uses appropriate tools, including logical models of components and interfaces, to contribute to the development of systems architectures in specific business or functional areas.
• Produces detailed component specifications and translates these into detailed designs for implementation using selected products.
• Within a business change programme, assists in the preparation of technical plans and cooperates with business assurance and project staff to ensure that appropriate technical resources are made available.
• Provides advice on technical aspects of system development and integration (including requests for changes, deviations from specifications, etc.) and ensures that relevant technical strategies, policies, standards and practices are applied correctly.
• Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution.
• Identifies, evaluates and recommends options, implementing if required.
• Collaborates with, and facilitates stakeholder groups, as part of formal or informal consultancy agreements.
• Seeks to fully address client needs, enhancing the capabilities and effectiveness of client personnel, by ensuring that proposed solutions are properly understood and appropriately exploited.
• Stays informed on developing security threats and responses and assesses potential impacts on MBIE systems and data.
• Provides leadership and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Conducts security risk assessments, controls validation assessments and Certification on ICT systems.
• Contributes to development of information security policy, standards and guidelines.
• Plans and manages the implementation of organisation-wide processes and procedures, tools and techniques for the identification, assessment, and management of risk inherent in the operation of business processes and of potential risks arising from planned IT-enabled change.
• Contributes to the creation and review of a systems capability strategy which meets the strategic requirements of the business.
• Develops models and plans to drive forward the strategy, taking advantage of opportunities to improve business performance.

Relationship Management

• Participates as an active team member and contributes knowledge and expertise needed to achieve MBIE’s outcomes.
• Develops effective working relationships with MBIE managers and staff in order to transfer knowledge and learning from the team to the wider organisation.
• Builds and maintains effective relationships and partnerships with internal and external stakeholders, as necessary, in order to identify and share best practice information and to promote the Ministry, its products and services.
• Represents whole-of-Ministry views and protects its reputation in any external interactions.

Self-Management

• Models positive behaviours.
• Models the desired values and culture of the organisation.
• Willingly shares knowledge, expertise and within the team and with others in the organisation.
• Acts with honesty and integrity.
• Welcomes feedback and is receptive to input from others.

Organisational Commitment and Public Service

• Builds commitment to MBIE’s vision, mission, values and services.
• Willingly undertakes any duty required within the context of the position.
• Manages own personal health and safety, and takes appropriate action to deal with workplace hazards, accidents and incidents.
• Complies with all legislative requirements.
• Adheres to the Ministry’s and State Services Commission Codes of Conduct.

Wellbeing, health and safety

• Displays commitment through actively supporting all safety and wellbeing initiatives.
• Ensures own and others safety at all times.
• Complies with relevant safety and wellbeing policies, procedures, safe systems of work and event reporting.
• Reports all incidents/accidents, including near misses in a timely fashion.
• Is involved in health and safety through participation and consultation.

Tō tūranga i roto i te Manatū – Your place in the Ministry

The Senior Cyber Security Architect position reports into the Cyber Security Portfolio Manager or Head of Cyber Security Advisory within the Cyber Security branch. The branch sits within the Digital, Data and Insights group.

More information about MBIE’s structure

To mātou aronga – What we do for Aotearoa New Zealand

Hīkina Whakatutuki is the te reo Māori name for the Ministry of Business, Innovation and Employment. Hīkina means to uplift. Whakatutuki means to move forward, to make successful. Our name speaks to our purpose, Grow Aotearoa New Zealand for All.

To Grow Aotearoa New Zealand for All, we put people at the heart of our mahi. Based on the principles of Te Tiriti o Waitangi / The Treaty of Waitangi, we are committed to upholding authentic partnerships with Māori.

As agile public service leaders, we use our breadth and experience to navigate the ever-changing world. We are service providers, policy makers, investors and regulators. We engage with diverse communities, businesses and regions. Our work touches on the daily lives of New Zealanders. We grow opportunities (Puāwai), guard and protect (Kaihāpai) and innovate and navigate towards a better future (Auaha).

Ngā matatau – Our competencies

Cultivates innovation We create new and better ways for the organisation to be successful by challenging the status quo generating new and creative ideas and translating them into workable solutions.

Nimble learning We are curious and actively learn through experimentation when tackling new problems by learning as we go when facing new situations and challenges.

Customer focus We build strong customer relationships and deliver customer-centric solutions by listening and gaining insights into the needs of the communities we serve and actively seeking and responding to feedback.

Decision quality We make quality and timely decisions that shape the future for our communities and keep the organisation moving forward by relying on an appropriate mix of analysis, wisdom, experience, and judgement to make valid and reliable decisions.

Action oriented We step up, taking on new opportunities and tough challenges with purpose, urgency and discipline by taking responsibility, ownership and action on challenges, and being accountable for the results.

Collaborates We connect, working together to build partnerships with our communities, working collaboratively to meet shared objectives by gaining trust and support of others; actively seeking the views, experiences, and opinions of others and by working co-operatively with others across MBIE, the public sector and external stakeholder groups.

Te Tiriti o Waitangi

As an agency of the public service, MBIE has a responsibility to contribute to the Crown meeting its obligations under Te Tiriti o Waitangi (Te Tiriti). Meeting our commitment to Te Tiriti will contribute towards us realising the overall aims of Te Ara Amiorangi – Our Path, Our Direction, and achieve the outcome of Growing New Zealand for All. The principles of Te Tiriti - including partnership, good faith, and active protection – are at the core of our work. MBIE is committed to delivering on our obligations as a Treaty partner with authenticity and integrity and to enable Māori interests. We are committed to ensuring that MBIE is well placed to meet our obligations under the Public Service Act 2020 (Te Ao Tūmatanui) to support the Crown in strengthening the Māori/Crown Relationship under the Treaty and to build MBIE’s capability, capacity and cultural intelligence to deliver this.

Mahi i roto i te Ratonga Tūmatanui – Working in the public service

Ka mahitahi mātou o te ratonga tūmatanui kia hei painga mō ngā tāngata o Aotearoa i āianei, ā, hei ngā rā ki tua hoki. He kawenga tino whaitake tā mātou hei tautoko i te Karauna i runga i āna hononga ki a ngāi Māori i raro i te Tiriti o Waitangi. Ka tautoko mātou i te kāwanatanga manapori. Ka whakakotahingia mātou e te wairua whakarato ki ō mātou hapori, ā, e arahina ana mātou e ngā mātāpono me ngā tikanga matua o te ratonga tūmatanui i roto i ā mātou mahi.

In the public service we work collectively to make a meaningful difference for New Zealanders now and in the future. We have an important role in supporting the Crown in its relationships with Māori under the Treaty of Waitangi. We support democratic government. We are unified by a spirit of service to our communities and guided by the core principles and values of the public service in our work.

What does it mean to work in Aotearoa New Zealand’s Public Service?(external link) — Te Kawa Mataaho The Public Service Commission