Our clients reserve the right not to make an appointment. In considering candidates for appointment into advertised posts, preference will be accorded to persons from a designated group in accordance with the approved Employment Equity Plan.

Security and Governance Architect (YD/SGA/10/2/26)

Overview

Reference
YD/SGA/10/2/26

Salary
ZAR0 - ZAR0/hour

Job Location
- South Africa -- Johannesburg Metro -- Johannesburg

Job Type
Contract

Posted
10 February 2026


Job Title: Security and Governance Architect

Role Purpose

The Security and Governance Architect is responsible for designing and maintaining the organisation’s security architecture aligned to ISO/IEC 27001 and NIST frameworks, and for developing and governing the Enterprise Architecture (EA) Governance Framework to ensure regulatory compliance, effective risk management, and secure ICT service delivery.


Key Responsibilities

  • Design and maintain enterprise security architecture aligned to ISO/IEC 27001, NIST Cybersecurity Framework, and related standards.

  • Develop, implement, and maintain the EA Governance Framework, ensuring security-by-design principles are embedded across all ICT initiatives.

  • Define and enforce security architecture standards, principles, and patterns across the enterprise.

  • Lead ICT security risk and governance architecture, including risk identification, assessment, mitigation, and reporting.

  • Ensure compliance with relevant legislation, regulations, and industry standards (e.g. POPIA, ISO standards).

  • Provide security architecture oversight for programmes and projects, including solution reviews and assurance.

  • Conduct and support security architecture assessments, audits, and compliance reviews.

  • Collaborate with enterprise architects, solution architects, risk, audit, and compliance teams.

  • Advise senior management on security risks, governance posture, and control effectiveness.

  • Contribute to security policies, standards, and procedures aligned to EA governance.


Qualifications & Certifications

  • Relevant tertiary qualification in Information Security, Information Systems, Computer Science, or related field

  • CISSP or CISM certification – Mandatory

  • ISO/IEC 27001 Certification (Lead Implementer or Lead Auditor) – Mandatory


Experience Requirements

  • Minimum 8 years’ experience in ICT Security Risk and Governance Architecture

  • Proven experience designing and governing enterprise security architectures

  • Demonstrated experience implementing ISO 27001-aligned security controls and governance frameworks

  • Experience in enterprise or public-sector environments (advantageous)


Key Skills & Competencies

  • Enterprise & Security Architecture

  • ISO/IEC 27001 & NIST Frameworks

  • ICT Security Risk Management

  • EA Governance Framework Design

  • Compliance & Assurance

  • Security Architecture Principles & Patterns

  • Stakeholder Engagement & Advisory

  • Audit & Regulatory Alignment


Desirable Experience

  • TOGAF or equivalent EA framework exposure

  • Experience supporting internal and external security audits

  • Knowledge of cloud security governance (AWS, Azure, GCP)


Contact information

Yandiswa D