[OWASP-South Africa] Business Security Architecture

Michael Bester bestermichael at gmail.com
Tue Aug 26 08:37:55 UTC 2014


I hope it is okay to post this here, please let me know if there is a
better forum to post things like this.

Visa Cape Town has a job posting open that I hope someone on this list
might be interested in.

Link to the job posting: http://rfer.us/VSAmL61Tm

*1. Company Overview *

Common Purpose, Uncommon Opportunity. Everyone at Visa works with one goal
in mind - making sure that Visa is the best way to pay and be paid, for
everyone everywhere. This is our global vision and the common purpose that
unites the entire Visa team. As a global payments technology company, tech
is at the heart of what we do: Our VisaNet network processes over 13,000
transactions per second for people and businesses around the world,
enabling them to use digital currency instead of cash and cheques. We are
also global advocates for financial inclusion, working with partners around
the world to help those who lack access to financial services join the
global economy. Visa's sponsorships, including the Olympics and FIFA™ World
Cup, celebrate teamwork, diversity, and excellence throughout the world. If
you have a passion to make a difference in the lives of people around the
world, Visa offers an uncommon opportunity to build a strong, thriving
career. Visa is fueled by our team of talented employees who continuously
raise the bar on delivering the convenience and security of digital
currency to people all over the world. Join our team and find out how Visa
is everywhere you want to be.

* 2. Purpose *

The purpose of the Business Security Architect is to ensure that business
requirements, designs and solutions of all products for Emerging Markets
Digital (EMD) are in line with Visa and international standards.
The Business Security Architect will report to the Chief Security Officer
and will work with the Software, Security, Technical and Database
Architects in both Technology and Professional Services implementation
teams to ensure that implementations of all EMD products are conforming to
all Visa standards.
This role is required to:
• Develop a secure business security architecture for the products produced
for EMD;
• Drive compliance initiatives to certify product infrastructure against
identified standards
• Interact with partners and customers to validate and evolve the business
security strategy, and participate in security audits;
• Interface with external vendors, partners, and customers, as well as
other internal teams including hardware and software engineering, product
marketing, and systems engineering.
• Assist with helping customers appropriately plan and design secure
processes and functions.

* 3. Principal Accountabilities/Key Results Area *
* Develop architectural specifications: *

* Outputs to deliver this accountability: *
• Define principles and standards for business security architecture with
high focus on mobile financial services
• Identify public standards with which Products and deployments should be
• Maintain an inventory of
- deployment models and business security artefacts
- application components and framework security artefacts

* Maintain the infrastructure roadmap: *

* Outputs to deliver this accountability: *
• Lifecycle roadmaps for platform components used by the products
• Technology security roadmaps
• Industry trends analysis and architectures

* Drive compliance: *

* Outputs to deliver this accountability: *
• Identify security standards applicable to products
• Identify and manage the achievement of certifications / standards
• Develop a communication plan for business security awareness and training
• Identify security strategies and roadmap to align with GIS
• Understand the VISA Key Controls and guidelines for corporate security,
and ensure implementations are compliant and secure, including the use of
crypto devices;
• Ensure security supports Event log-level matrix and requirements
• Support the Risk management strategy
• Data lifecycle definitions
• Configurable system elements
• Baseline list of security-related elements
• Revised disaster recovery and business continuity plans
• Support the development and maintenance of the threat analysis matrix

* Interaction with key stakeholders: *

* Outputs to deliver this accountability: *

   - Collaborate and work closely with key stakeholders in the following areas:

- PO teams for all business security requirements and security related
- Technical development teams for business and functional security
alignment and guidance
- Technical hardware and network teams for alignment and guidance
- Consultant to management and executive teams on business security related
- VISA teams in GIS and risk teams for alignment and guidance

* People Stewardship/Team Work: *

* Outputs to deliver this accountability: *
• Lead by setting a personal example
• Build work relationships between colleagues and teams
• Act in the best interests of the organisation
• Continue to build organisation-wide understanding, share knowledge and
break down silos

* Customer Orientation: *

* Outputs to deliver this accountability: *
• Place the customer at the centre of everything you do
• Achieve greatness through collaboration

* Risk & Compliance: *

* Outputs to deliver this accountability: *
• Protect Visa information, intellectual property and corporate data
systems in accordance with prescribed guidelines
• Familiarize yourself with all risk and compliance related policies and
procedures as communicated by relevant functions
• Complete Risk and Compliance training as per internal requirements
• Ensure adequate protection of the Visa brand and reputation

* 4. Required Experience (education, skills -
professional/technical/business) *

* Formal Qualification required: *
• Ideally hold one or more industry security certifications including
• QSA an advantage

* Service Delivery Skills required: *
• Knowledge of mobile financial business processes and associated
• Knowledge of mobile operators ecosystems
• Knowledge of financial ecosystems and associated standards and
• Knowledge of cloud computing security an advantage.
• Understanding security protocols including MACsec, IPSec, KEYsec,
SSL/TLS, PKCS, DTLS, AES, SHA-2, RSA, TLS, ISO0/1 PIN blocks and key
exchange protocols.
• Financial systems and transaction standards for example the ISO8583 for
card transactions
• Knowledge of the GSM standards for example the GSM 03.48
• Knowledge of Security methodologies

* Proven Experience required: *
• 5+ years' experience in software-focused infrastructure and
infrastructure security architecture.
• Experience with the ISO17799/BS7799 standards and software security
architecture frameworks.
• Experience with the role of hypervisors and virtual machines in data
center security.
• Digital policy management, digital rights management, identity
management, and key management.
• Experience with network design, penetration testing, monitoring,
alerting, and mitigation strategies.
• Exposure to security issues within a regulated environment (HIPAA, SOX,
• Experience with security architecture including network security service
architecture, remote access, WAN security architecture, Firewalls, IDS/IPS,
NAC, SIEM, Content Filtering and authentication systems.
• Familiarity with use and integration of Crypto Accelerators and Pattern
Matching Accelerators
• Experience with hardware acceleration including public key accelerators
and crypto accelerators.
• A background in banking would be an advantage
• Experience with mobile financial ecosystems

* 5. Competencies required to perform optimally in the role *

• Self-motivated and driven to continuously improve personal and
professional skills combined with openness to constructive feedback
• Strong communication and documentation skills

* 6. Values Alignment *

Alignment and identification with the Visa Values:
• Integrity
• Clients
• People
• Collaboration
• Innovation
• Excellence

Alignment and identification with the Visa Global Leadership Competencies:
• Drive Visa Inc. Capability
• Execute Seamlessly
• Promote Stewardship
• Lead Boldly
• Cultivate Innovation
• Model Collaboration

* 7. Language Requirements *

• English