Lead Security Architect

Join to apply for the Lead Security Architect role at SITA Overview WELCOME TO SITA At SITA, we keep airports moving, airlines flying smoothly, and borders open. Our technology and communication innovations power the success of the global air travel industry. You’ll find us in 95% of international airports, working closely with over 2,500 transportation and government clients. Each partnership brings unique challenges, and we thrive on delivering fresh solutions and cutting‑edge tech to keep operations running like clockwork. We don’t just move the world forward—we’re proud to be recognized as a Great Place to Work® by 79% of our employees and certified in most of our growing locations. Here, we feel empowered, supported, and inspired to grow. Are you ready to love your job? The adventure begins right here, with you, at SITA. Purpose The Security Architecture & Standards Centre of Expertise is a team within the Enterprise Information Security Office (EISO) at SITA. The mission statement is to ensure the infrastructure supporting the SITA products and solutions is designed to meet defined corporate, market and regulatory compliance requirements so it can enable SITA’s business objectives. The remit covers all the shared and dedicated infrastructure supporting SITA as a business, as well as that used to deliver our products and customer solutions. As a Security Architect you will provide design governance for the creation of secure infrastructure and the technologies securing that infrastructure. You will interface with the other architecture disciplines, DevOps teams, product management and other stakeholders in achieving this. Key Responsibilities Provide approvals for enterprise and solution architects at key stage gates that the infrastructure has been designed in accordance with security architecture governance. Document governance and approval decisions in wikis, architecture documents, blueprints and other artefacts. Provide security architecture Guidance & Guardrails through the infrastructure lifecycle (technology acquisition, design, development, deployment, operations and disposal). For Guardrails, work with DevOps teams and Product Owners in development of policies, configurations, infrastructure as code and other automations of security controls as SITA implements DevSecOps ("shift left"). Provide guidance & governance around the technologies that secure the SITA infrastructure: Architecture strategy and provide security architecture Guidance & Guardrails. Provide security input to Product Managers at ideation stage when assessing potential new technologies, products & solutions. Research emerging infrastructure security technologies and trends. Influence SITA security Policy & Standards and the overall infrastructure security strategy. Experience 8+ years experience in an IT environment. Required Knowledge & Skills Systems and big‑picture thinking. In‑depth knowledge of technical cyber security controls and their applicability to complex infrastructure and application architectures, including but not limited to: Next‑Generation Firewalls, Network IDS / IPS platforms, Web Application Firewalls, EDR, encryption technologies, identity & access management, logging & monitoring (SIEM), vulnerability management etc. Strong understanding of cloud‑based architecture and development (Infrastructure as Cloud, CI/CD pipelines) and cloud‑based security controls (SASE, CSPM, CASB). Strong understanding of security automation (Ansible, Terraform, Puppet). Strong understanding of operating system and IT infrastructure hardening (CIS Benchmarks). Knowledge and demonstrated application of key security principals to architecture: defence in depth, zero trust, least privilege, segregation of duties. Excellent understanding of software defined networking (SD WAN) and key networking technologies (IPv4 & v6, OSPF, BGP, IPSEC, MACSEC, DNSSEC) Experience with PCI DSS compliant designs and P2PE. Strong communication skills, especially in taking complex technical information and presenting it to a non‑technical audience. Proven ability to work with operations teams to plan projects, deal with technical issues and provide knowledge