Job offers

Security Architect


About Us

ERGO Technology & Services S.A. (ET&S S.A.) was established in January 2021 following the integration of ERGO Digital IT and Atena into one entity, leveraging both companies strengths and best practices.

ET&S S.A. belongs to ERGO Technology & Services Management AG, the technology holding of ERGO Group AG, supporting millions of internal and external customers with state-of-the-art IT solutions to everyday problems.

Discover how we implement AI, IoT, Voice Recognition, Big Data science, advanced mobile solutions, and more to accommodate our customers’ future needs worldwide.

Become a part of the digital revolution and apply to join us!

About the role

We are looking for an IT Security Architect who will join the Global IT Security Architecture Team and be accountable for planning, designing, and communicating security architecture roadmap and strategy, ensuring that solution designs align with the target architecture landscapes meeting business and technology requirements.

You will be responsible for representing IT Security Architecture, designing architecture solutions aligned with ERGO Group strategy, delivering assessments and advisory for global and complex security program portfolio, which includes cloud migration initiatives, and ensuring that designed solutions successfully meet the regulatory compliance of major international companies in the insurance sector.

Within different ERGO Group projects, you will act as a key person responsible for coordinating the cybersecurity area, including demanded security analysis, security controls implementation (e.g. audit traces, communication security, access control model, data processing validation), and security self-assessment. You will cooperate with members of the IT Architecture Team, as well as our developers, designers, and software engineers on all relevant security topics.

How you will get the job done

  • assuming complete responsibility for translating security requirements into a service portfolio that will help to establish the scope of the security architecture function
  • contributing to the development and implementation of security architecture process into process portfolio ensuring effective and efficient collaboration and enforcement of security architecture principles
  • supporting analysis and assessments of the current technological landscapes discovering gaps, and deficiencies, and recommending design or implementation improvements
  • facilitating evaluation, modification, and selection of core, common, and distinct security solutions with an emphasis on standardization of the architecture ecosystem across the ERGO group
  • cooperating with Global IT Security and IT, translating information security policies into a technical security control framework and security architectural blueprints, communicating these to the projects and stakeholders
  • participating in the definition, prototyping, and continuous development of ERGO IT security reference architecture, methodology, models, and security controls; aligning requirements from the architecture teams, technology teams, and Global IT Security colleagues
  • supporting and/or consulting implementation of security architecture, and aligning with IT Architecture functions (enterprise, solution) in other domains
  • cooperating with other security units and developing security standards, scheduling improvements based on IT strategy, project feedback, and other sources
  • managing stakeholder relationships working closely with business stakeholders, domain leaders, process owners, and third-party suppliers
  • ensuring that projects and solutions incorporate security design principles and that IT security is embedded at the early stages of the development process
  • challenging the status quo, service landscapes, and security solutions to improve the adherence to security principles as well as policies and standards
  • evaluating and analyzing emerging IT and security technologies and market trends, as well as their potential impact on ERGO
  • reviewing existing architectures in the projects and assessing the security maturity and compliance levels, to jointly identify potential short- and long-term improvement

Skills and experience you will need

  • proficiency in English (at least C1)
  • minimum 5 years of technology and IT experience in an enterprise environment, ideally with a specialization in information security topics, either in software and/or infrastructure development
  • minimum 2 years of professional experience as an IT and/or information security architect and/or consultant
  • degree in Computer Science, Information Security, or relevant experience
  • proven knowledge of international security standards and methodologies as well as additional qualifications (CISSP, CISA, CISM, SABSA, TOGAF, or equivalent)
  • understanding business process context
  • hands-on experience and superior technical knowledge in at least two of the following technologies: Windows, Linux/Unix, Networking, Databases, Middleware, CI/CD, Containerization/K8S, Public cloud (AWS, Azure, GCP)
  • ability to translate business requirements into technical solutions
  • presentation skills including the ability to present and explain complex cybersecurity solutions to a non-technical audience (including C-level management)
  • good analytical and conceptual skills
  • ability to build authority and form strong relationships
  • ability to deal with ambiguity while working in a continually changing environment under indirect supervision
  • high decision-making and prioritization skills
  • high cultural awareness and working experience in a complex and multicultural environment
  • excellent experience in security solution evaluation (e.g. Proof of Concept) and recommendation
  • knowledge of microservices-based and distributed systems architecture

Nice to have

  • experience in the IT environment of financial services companies and the technologies used there
  • background in any modern programming language, compiled (such as Java, C++) or used for scripting (such as Python, BASH)
  • ISO27001/27002/27005, CISSP, ISSAP, CISA, CISM, TOGAF, and COBIT certifications
  • good knowledge of authentication and authorization procedures and protocols (OAuth, OpenID Connect, SAML, WebAuthN, CTAP)
  • knowledge of security frameworks (offensive/defensive) such as MITRE ATT&CK, Cyber Kill Chain/Unified Kill Chain, SABSA, CIS, OWASP
  • web Application Security (Java/Javascript, HTTP/2, ASP.NET, Nginx, IIS, WAF, DDoS, CDNs)
  • practical knowledge of Zero-Trust architecture
  • modern encryption and key management methods for both in-transit and at-rest data protection
  • threat modeling and technical risk assessment (STRIDE method or comparable standards)
  • community contributions (open source work, publishing/speaking on technical and security ideas)
  • knowledge of ITIL service management

Interested in this position?

Apply now

Why work with us?

Let&s be fit

We realize that most of us need assistance to stay in shape and good health. That's why we provide every employee with a medical package coverage and co-finance a sports card. Additionally, we support a number of sports sections, and, you can even join our yoga team in the summer to practice yoga on the roof!

Let&s be balanced

Work-life balance is essential for us. That's why we offer our employees flexible working hours, pet-friendly offices, and if you would like to stay with your pet at home, a remote work environment. However, it won't be easy to stay at home with our in-office gaming room.

Let&s be smart

Staying up-to-date with all the new systems and technologies is not an easy task. That's why we have an extensive training and workshops offer, both in-house and with external providers. We organize hackathons and meetups, which are an excellent opportunity for our specialists to showcase their expertise. On top of that, we offer digital learning platforms, language courses, and a library.

Let&s be responsible

We love to see the difference we make together with our CSR projects. That's why we are always open to new projects, and we would love to include you in our next charity event!

Let&s be fun

At ET&S we love not only to work but also relax together. Sports events like company-wide bike race, or maybe a film marathon in our cinema room? Don't worry; we got it covered! Maybe you have a passion and would love to make an event out of it? Sure! We will help you!

Let&s be diverse

At ET&S we create a working environment free of prejudice and exclusion. Each member of our team can experience being valued, regardless of his or her gender, nationality, religious beliefs, disabilities, age, and sexual orientation or identity. Your wide range of qualifications, experiences, and ways of thinking are of great benefit to us!

Get to know us better

Check how it is working at ERGO Technology & Services

link to facebook

link to linkedin