Technical Security Architect
Mumbai, IN, 400076
LyondellBasell (NYSE: LYB): As a leader in the global chemical industry, LyondellBasell strives every day to be the safest, best operated and most valued company in our industry. The company’s products, materials and technologies are advancing sustainable solutions for food safety, access to clean water, healthcare and fuel efficiency in more than 100 international markets. LyondellBasell places high priority on diversity, equity and inclusion and is Advancing Good with an emphasis on our planet, the communities where we operate and our future workforce. The company takes great pride in its world-class technology and customer focus. LyondellBasell has stepped up its circularity and climate ambitions and actions to address the global challenges of plastic waste and decarbonization. For more information, please visit www.lyondellbasell.com or follow @LyondellBasell on LinkedIn.
Basic Function
As a Technical Security IT Architect, you are responsible for designing, implementing, and managing security across all technology platforms, excluding SAP applications, and for defining a strategy that supports the company’s overall strategy and the Technology roadmap. This role is critical to ensuring the effective functioning and compliance of non-SAP systems within LYB. It is pivotal in safeguarding LYB’s critical assets by ensuring the confidentiality, integrity, and availability of our systems and data. This role requires some level of expertise in Identity and Access Management (IAM) with experience in Microsoft security ecosystems or other tools. This position involves leading the development of non-SAP application security architecture frameworks, policies, and procedures to protect the organization's IT assets and ensure compliance with industry standards and regulations. It also involves developing and implementing strategies to identify, assess, and remediate controls-related issues within LYB IT environments. This role will drive security efficiencies, ensuring that technical governance is based on sound architectural principles and correctly documented. This position will work closely with other IT functional and technical Architects, the IT Leadership Team, Cyber Security, Internal Controls, Internal Audits and Product teams.
Roles & Responsibilities
A Technical Security Architect is responsible for ensuring the security of a company's non-SAP systems, including on-prem and Cloud. They develop and implement security policies and procedures, conduct security assessments, and perform audits to identify vulnerabilities and risks. They also design Application Security models (Access control and Process control), manage business workshops for requirement gathering, and convert business requirements into technical design/authorization matrix and documentation.
Application Security Design & Strategy:
- Define and implement application security architecture, focusing on secure integration with IAM solutions.
- Establish and enforce best practices for securing applications across development and operational environments.
- Ensure compliance with industry standards, regulations, and organizational policies.
Identity & Access Management Expertise:
- Leverage Microsoft Identity solutions (Azure AD, Active Directory, and related services) for secure application integration.
- Implement and optimize the IAM tool for application access governance and identity lifecycle management.
- Design role-based access controls (RBAC), single sign-on (SSO), and multi-factor authentication (MFA) mechanisms for application security.
- Design, implement, and manage security controls for various applications and technologies, including but not limited to:
  - Identity and access management (IAM)
  - Cloud security (IaaS, PaaS, SaaS)
  - Network infrastructure (firewalls, routers, switches, VPNs)
  - Endpoint protection (antivirus, intrusion detection/prevention systems)
  - Data protection and encryption
  - Security information and event management (SIEM)
- Continuously conducting comprehensive assessments of existing controls frameworks, policies, and procedures within different systems, excluding SAP, to identify weaknesses, gaps, and areas of non-compliance.
- Collaborating with other LYB IT architects, IT CoE, IT Product teams and Cyber Security team to design and implement technical solutions that enhance control mechanisms within on-prem and cloud systems, including configuration changes, system upgrades, and integration with third-party tools.
- Collaborating with internal audit and business stakeholders to understand control requirements and risk assessments.
- Systematically design and implement technical solutions to mitigate control risks using best practices and industry standards.
- Regularly document and communicate control remediation activities and their impact on business processes.
- Staying up-to-date on the latest security threats and vulnerabilities.
- Creating documents such as System Security Plan (SSP), Security Assessment Report (SAR), Contingency Planning, Incident Response Plan, Technical Risk Assessments (TRA), and Plans of Actions and Milestones (POA&Ms).
Min. Qualifications
This is a Principal Technical Security Control Architect position requiring a degreed professional who possesses a Bachelor's degree in Computer Science, Business or Engineering with a minimum of fifteen (15) years of relevant experience. This individual must demonstrate strong technical security expertise and knowledge in each of the following technology disciplines:
- Bachelor’s degree or higher in Information Technology, Computer Science or a related discipline.
- 15 years of professional experience in security, controls and remediation.
- Minimum of 5 years of experience in security and controls.
- Strong expertise with Microsoft security technologies (Azure AD, Identity Protection, Conditional Access).
- Proven experience in identifying, analyzing, and remediating control deficiencies.
- Deep understanding of secure application design, SDLC security, and IAM integration.
- In-depth understanding of security concepts, including authorization, segregation of duties, and user access management.
- Experience with internal audit methodologies and frameworks is a plus.
- Knowledge of relevant compliance regulations (e.g., SOX, GDPR).
- Strong understanding of data privacy and security best practices is a plus.
- Excellent project management skills.
- Demonstrated problem-solving, multi-tasking, and troubleshooting skills with a high degree of flexibility.
- Experience in Software Development Life Cycle (SDLC) / Agile development / DevOps.
- Strong analytical skills with the ability to understand key business processes and related issues.
- Strong self-leadership and ability to work independently and manage conflict.
- Demonstrated competency in accurately identifying the scope of work and preparing thorough, accurate and detailed schedule estimates.
- Non-functional requirements gathering and solutioning experience.
- Ability to develop successful relationships with external and internal partners.
- Good understanding of Microsoft and other technology systems such as Azure Cloud, Office 365, AspenTech, OpenText, Salesforce, OneStream.
Preferred Qualifications
Competencies
We are LyondellBasell – a leader in the global chemical industry creating solutions for everyday sustainable living. Through advanced technology and focused investments, we are enabling a circular and low carbon economy. Across all we do, we aim to champion our employees, and unlock value for customers, investors and society. LyondellBasell places high priority on diversity, equity and inclusion and is strongly committed to our planet, the communities where we operate and our future workforce. As one of the world’s largest producers of polymers and a leader in polyolefin technologies, we develop, manufacture and market high-quality and innovative products for applications ranging from sustainable transportation and food safety to clean water and quality healthcare. For more information, please visit www.lyondellbasell.com or follow @LyondellBasell on LinkedIn.
Must be at least 18 years of age and must be legally authorized to work in the United States (US) on a permanent basis without visa sponsorship.
LyondellBasell does not accept or retain unsolicited résumés or phone calls and/or respond to them or to any third party representing job seekers.
LyondellBasell is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, veteran status, and other protected characteristics. The US EEO is the Law poster is available here.