UNIQA Group Services
Remote Jobs
Role Description

The Enterprise Architect for Resilience & Security Infrastructure Architecture defines and governs the target-state architecture for resilient, secure technology foundations (on-prem, cloud, and hybrid) so that critical business services remain trustworthy, auditable, and recoverable under disruption and cyber stress. This role ensures architectural decisions align with group principles such as Zero-Trust, continuous compliance, cloud preference, and standardized platform foundations (e.g., landing zones, IAM, network patterns, CI/CD toolchains).

Scope

- Technology foundation architecture: compute/platform, network, storage/data protection, identity and access foundations, security tooling and controls, observability/monitoring, and resilience patterns across the enterprise.
- Resilience-by-design: redundancy, failover, backup/restore, physical dispersion, fault isolation and recovery patterns embedded into infrastructure reference architectures and standards.
- Regulatory and audit readiness: architecture evidence and traceability that supports operational resilience and ICT risk expectations (e.g., Digital Operational Resilience Act (DORA) focus areas like ICT risk management, incident handling, resilience testing, and third-party risk).

Your responsibilities

- Core responsibilities:
  - Assess current vs. target infrastructure architecture, identify SPOFs and systemic risks, and propose costed mitigation options that fit business criticality and proportionality.
  - Define NFR baselines for availability, recoverability, security and operability; ensure these are implemented and verified through evidence (monitoring, audits, tests).
  - Maintain architecture artefacts (standards, reference architectures, decision records, and architecture evidence) in approved repositories for discoverability and audit traceability.
  - Ensure secure/resilient lifecycle management by proactively addressing EOL/EOS technologies and ensuring supported solutions.

Key Accountabilities (outcomes you own)

- Target architecture:
  - Define and maintain target architectures and transition roadmaps for resilience and security infrastructure capabilities, ensuring principle fit and preparing decision topics for governance forums (ADR → boards).
  - Standardize and evolve platform foundations (landing zones, IAM, network patterns, CI/CD toolchains) and reuse approved reference architectures.
- Resilience architecture patterns & guardrails:
  - Establish group-wide resilience guardrails so infrastructure can anticipate, withstand, recover, and adapt during adverse events; embed resilience as a core design concept during initial design and ongoing transformation.
  - Define reference patterns for:
    - Modular redundancy (e.g., N+1, 2N),
    - Physically dispersed infrastructure,
    - Load balancing/failover, and
    - Fault mitigation (e.g., circuit breaker, graceful degradation).
    - Data recoverability (backup strategies, RTO/RPO-aligned approaches, secure backup requirements).
- Security infrastructure architecture (Zero-Trust & continuous compliance):
  - Translate Zero-Trust and compliance principles into infrastructure architecture standards (identity-centric access, least privilege, encryption, evidence automation) and ensure designs document control sets and test evidence.
  - Partner with security/risk stakeholders to ensure security and compliance remain cross-cutting and consistent across domains.
- Architecture governance, decision support & assurance:
  - Drive architecture decisions using traceable artefacts (decision packs, ADRs, NFR matrices), and ensure deviations are time-boxed with a plan to realign.
  - Perform architecture reviews/inspections focused on resilience, security posture, and operability; ensure outcomes and evidence are retained for audit readiness.
- Cross-functional enablement (delivery + operations):
  - Work with solution architects and operations teams to ensure solutions are “corporate conform,” operationally supportable, and aligned with infrastructure standards; provide guidance on problem determination, load testing interpretation, and supplier technical topics.
  - Authorize and guide infrastructure changes triggered by projects/migrations/change requests where architectural impact is material.
- Third-party and sourcing resilience (cloud & vendors):
  - Ensure resilience and security requirements are addressed in sourcing choices (SaaS → PaaS → IaaS) with defined exit paths and clear resilience responsibilities across providers.
  - Align third-party ICT risk requirements with operational resilience needs (contractual SLAs, auditability, testing expectations).

Key deliverables (your tangible outputs)

- Resilience & Security Infrastructure Reference Architecture (on-prem, cloud, hybrid variants) including redundancy, dispersion, backup, failover, and observability patterns.
- Standards & guidelines for infrastructure resilience and secure operations (including monitoring/auditability requirements).
- Decision artefacts: ADRs, governance decision packs, documented exceptions with mitigation plans.
- Resilience posture evidence: monitoring/auditing expectations, recovery testing principles, and measurable validation criteria (e.g., failover effectiveness, recovery time).

Qualifications

- Expert knowledge across infrastructure domains: hardware/platforms, network, storage, and security infrastructure.
- Strong architecture documentation and concept development skills.
- Proven ability to define, optimize, and master-plan infrastructure landscapes and work effectively with architects and operations.
- Expertise in resilience engineering, designing for redundancy, failure containment, recoverability, and continuous improvement using patterns such as modular redundancy, physical dispersion, and fault mitigation techniques.
- Familiarity with cyber resiliency engineering concepts that emphasize anticipating, withstanding, recovering, and adapting under attack/compromise.
- Strong understanding of Zero-Trust architecture principles and continuous compliance/evidence automation.
- Working knowledge of operational resilience regulatory expectations in financial services (e.g., Digital Operational Resilience Act (DORA) pillars such as ICT risk management, incident reporting, resilience testing, and third-party risk).
- Fluent in English (both spoken and written).

Desirable Skills

- Fluent in German (both spoken and written).
- Certifications: CISSP / CISM / CCSP, SABSA (security architecture), cloud security specializations; resilience/continuity credentials (e.g., ISO 22301 context).

Benefits

- Very stable work environment, as part of a large Insurance Multinational Group.
- Flexible work program, respecting your own private time.
- Attractive remuneration package.
- Lunch tickets.
- Special Days vouchers (Women’s Day, Children's Day, Christmas, Easter).
- Private pension and private health insurance contribution.
- Time off when holidays fall on a weekend (up to 3 days/year).
- Exchange of experience and training with international professionals, as a premise for personal development.
- Team building events.