Technical Security Architect, Digital Square
Deadline of this Job:
18 May 2022
Within Zambia , Lusaka , South - Central Africa
Date Posted: Thursday, May 12, 2022 , Base Salary: Not Disclosed
Technical Security Architect, Digital Square
PATH is a global nonprofit dedicated to achieving health equity. With more than 40 years of experience forging multisector partnerships, and with expertise in science, economics, technology, advocacy, and dozens of other specialties, PATH develops and scales up innovative solutions to the world’s most pressing health challenges.
The Center of Digital and Data Excellence (CoDE) at PATH works with government ministries of health, the private sector, and donors to strengthen the use of digital technologies and data for improved health services. Digital Square is one of CoDE’s flagship global initiatives. It is PATH-led and funded by multiple donors, including USAID and the Bill & Melinda Gates Foundation, to advance digitally enabled health services to help close the health equity gap. Conceived from the lessons of the inefficiencies and redundancies of prior investments in digital technologies for international development, Digital Square works with ministries of health to align adaptable, interoperable digital technologies with local health needs and brings partners together to improve how the global community designs, uses, and pays for digital health tools and approaches.
PATH is currently recruiting for a Technical Security Architect for its Digital Square team. The Technical Security Architect will be responsible for the strategic direction, technical excellence, and implementation of security across several projects. This position will support PATH’s CoDE team, including all its partners and implementers to ensure that best practices around Data Privacy & Security, Information Security (infosec), Development-Security-Operations (DevSecOps) and Cyber Security (cybersec) are well-established, shared and applied within its internal operations as well as across all its projects and external activities. S/he will work closely with the CoDE and Digital Square teams to ensure adaptability of the policies, processes and guidelines as well as their implementation and compliance. S/he will also provide subject matter expertise on Data Privacy & Security, Infosec, DevSecOps and Cybersec across the organization’s programs, projects and country offices. This position will report to the CoDE Technical Director with a dotted line to the Managing Director of Digital Square.
• In collaboration with CoDE leadership, develop the security strategy with regards to data, information and digital information systems and cyber security.
• Lead in the development of policies, processes and guidelines on Data Privacy & Security, InfoSec, DevSecOps and CyberSec for all digital and information systems projects across the center and its initiatives and projects.
• In collaboration with the CoDE global technical team, TAP, LL and D4A teams, ensure that proposed and existing systems’ code and architecture are in compliance with current policies.
• Provide technical input and support to data and information systems during the design phase as well as for security assessments and audits (code, application, infrastructure) across implementation, project and software development life cycles.
• Provide technical and capacity building support and contribute to the socialization of security best practices with implementing partners, communities, and other stakeholders.
• Revisit and strengthen strategy, policies, processes and guidelines on a regular basis to address new threats or systems added or relevant industry best practices.
• In collaboration with the partners, provide advice and assist in the detection and resolution of any security incidents or detected Common Vulnerabilities or Exposures (CVEs).
• In collaboration with consortia of partners:
o provide recommendations to host country governments, donors, and other stakeholders, on tools to use and/or implement for the various needs identified in alignment with the recommended security strategy and policies, e.g.:
• Intrusion detection system (IDS)
• Intrusion prevention system (IPS)
• Data Loss prevention (DLP)
• Static/Dynamic/Interactive Application Security Testing (SAST/ DAST/ IAST)
• Software composition Analysis (SCA)
• Penetration testing (PEN)
• Anti-distributed denial of service (DDoS)
• In collaboration with the digital health Global Goods technical team and upon request, review source code and architecture of the Global Goods and perform security assessments and audits.
• Create guidance documents, toolkits, and/or webinars to support teams in conducting data security audits for countries, projects, and donor driven initiatives.
• Model a data security audit and lead development of the implementation process for these as required.
• Advanced degree in data, information systems, cyber security health informatics or other related field.
• At least 7 years of progressive experience as a security architect in a multi-national organization, preferably non-for-profit.
• Demonstrated experience in developing best practice on systems security documents including guidelines, standard operating procedures, and security assessment reports.
• 3-5 years of experience as a security engineer or analyst implementing security tools, performing assessments and audits of integrated information systems, including locally hosted, hybrid or cloud-based systems and managing incidents (including fixing issues, applying patches, tracking incidents, preparing reports, etc.).
• Demonstrated experience designing, and implementing security strategy, policies, processes, and guidelines.
• Experience with security-by-design principles applied to software development across the project and software lifecycle.
• Ability and willingness to travel 20% of the time within the region and be available for international travel to participate in global and regional conferences and meetings as requested.
Preferred skills and experience:
• Previous engagement with senior level stakeholders such as donors and senior government staff (especially in the health domain) to discuss data security strategies, tools and approaches.
• Previous experience in working with and in open-source communities and providing security guidance.
• Certified CSSA or CISSP-ISSAP.
• Knowledge of public health, social sciences, epidemiology, pediatric health, international development desired.
To be considered applicants must submit the following as part of the online application process:
• Cover Letter
• CV in reverse chronological format
PATH is dedicated to building an inclusive workforce where diversity is valued.
PATH is an equal opportunity employer. Every qualified applicant will be considered for employment. PATH does not discriminate based on race, color, religion, gender, sexual orientation, gender identity, genetic information, age, national origin, marital status, disability status, political ideology, military or protected veteran status, or any other characteristic protected by applicable federal, state, or local law.
*PATH has become aware of scams involving false job offers. *
Please be advised:
• PATH will never ask for a fee during any stage of the recruitment
• All active jobs are advertised directly on our career's page.
• Official PATH emails will always arrive from an @path.org
Please report any suspicious communications to [email protected]
Education Requirement: No Requirements
Job Experience: No Requirements
Work Hours: 8
Job application procedure
Click here to Apply Now