De Heus
REPORT TO: Group Security Manager (CISO)
JOB PURPOSE:
- The Medior Enterprise Security Architect defines, maintains and operationalizes architecture for security services and security solutions across De Heus. The role translates security policy and principles into practical security design patterns, guardrails and approval criteria that can be applied consistently across regions and business units.
- The role provides the security authority to review, challenge and approve designs produced by Cloud & Infra, Applications, Data & Analytics, OT and other teams from a security perspective, ensuring alignment with global security guardrails, standards and risk decisions. The role does not own or replace the full architecture responsibility of those teams; those teams remain responsible for secure designs within their own domains.
- The architect supports architecture reviews, service catalog development, exception handling and security design decisions, while working closely with a senior architecture counterpart during the transition period.
ACCOUNTABILITIES:
1. Security Architecture Definition & Maintenance
- Define and maintain architecture for security services and security solutions across De Heus.
- Develop practical security design patterns, standards interpretations and guardrails for regional and local execution.
- Document security architecture decisions, reusable patterns and design guidance in a clear and usable way.
2. Security Design Review & Approval
- Review, challenge and approve designs submitted by Cloud & Infra, Applications, Data & Analytics, OT and other teams from a security perspective.
- Provide structured security feedback to improve alignment of peer-team designs with global security standards and guardrails.
- Prepare security architecture review materials and support Architecture Review Board decisions and follow-up actions.
3. Security Service Catalog & Exception Governance
- Contribute to the security service catalog and help define clear business, functional and technical ownership.
- Support governance of exceptions, compensating controls and remediation commitments.
- Help define and maintain security architecture KPIs and inputs for the central security dashboard.
4. Cross-Team Collaboration & Field Enablement
- Contribute to the security service catalog and help define clear business, functional and technical ownership.
- Support governance of exceptions, compensating controls and remediation commitments.
- Help define and maintain security architecture KPIs and inputs for the central security dashboard.
5. Cross-Team Collaboration & Field Enablement
- Work with Regional Security Delivery Specialists to enable knowledge transfer and practical security implementation guidance for business units.
- Build understanding of De Heus platforms, organization, priorities and delivery model to apply security guidance in a practical and business-relevant way.
- Align with the Enterprise Architect, CIO leadership and global IT functions on shared platforms and governance.
6. Professional Growth & Transition Support
- Learn actively from a senior architecture counterpart during the transition period.
- Build deeper knowledge of De Heus security standards, architecture governance, business priorities and platform landscape.
- Continuously strengthen knowledge in security architecture, secure design principles and stakeholder management.
RESULT:
- A coherent set of security architecture patterns, standards and guardrails is in place and adopted across projects and regions.
- Security review inputs and approval decisions are timely, clear and well documented.
- Designs from peer teams show measurable improvement in alignment with global security standards and guardrails.
- The security service catalog is structured and maintained with clear ownership.
- Exception governance is structured and supports measurable reduction of long-term risk.
- Business units and regional teams receive usable security guidance that supports implementation and handover.
- The role shows measurable growth in independence, quality of review and confidence in design decisions during the transition period.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, Cyber Security or a related field. Equivalent experience may be considered.
- Certifications such as CISSP, CISM, CCSP, TOGAF, SABSA or relevant vendor certifications are an advantage.
Experience:
- Around 3 to 5 years of relevant experience in security architecture, security engineering, security solution design or closely related technical roles across IT and Cloud. Experience with OT is an advantage.
- Experience translating security policies or standards into practical technical guardrails, patterns or implementation guidance.
- Experience reviewing technical designs from a security perspective in collaboration with infrastructure, application, data, analytics and engineering teams.
- Working knowledge of identity and access management, segmentation, secure remote access and privileged access concepts.
- Familiarity with exception handling, documentation and security governance processes.
- Experience within De Heus IT or in a closely related De Heus technology role is a strong advantage, because knowledge of the organization, stakeholders, platforms and ways of working can partly compensate for fewer years in a formal security architecture role.
- Experience supporting implementation teams with practical security guidance and knowledge transfer is an advantage.
Competencies:
- Able to translate security policy and principles into practical and implementable security guidance.
- Strong security review mindset and ability to assess peer-team designs objectively.
- Structured and clear in documentation, architecture artefacts and service ownership thinking.
- Good stakeholder engagement across global, regional and local teams.
- Able to work effectively with Cloud & Infra, Applications, Data & Analytics, OT and delivery teams without role overlap.
- Strong learning agility and willingness to grow into broader architecture accountability over time.
- Open to coaching, feedback and structured development during the transition period.
- Disciplined, reliable and comfortable working in a governance-driven environment.
Language(s):
- Fluency in English at CEFR Level B2 is mandatory (both written and spoken), as the role requires daily collaboration with global, regional and local teams across De Heus.
Other Requirements:
- Full-time global role with occasional travel.
- Location independent: the role can be based at any De Heus global hub. The current preference is HCMC, Vietnam.
- Reporting line into the central CISO Office; close collaboration with a senior architecture counterpart during the transition period.
English
Speaking: Fluently - Reading: Fluently - Writing: Fluently
De Heus LLC Vietnam started local production at feed mills in Binh Duong and Hai Phong. The company has a representative office in Saigon. Nowadays, the company has seven production locations in Vietnam. The six animal feed mills are based in Binh Duong, Dong Nai, Vinh Long, Binh Dinh, Vinh Phuc and Hai Phong and the aqua feed factory is based in Vinh Long.
Passionate and committed employees are crucial to realize ambitions. People who show entrepreneurship, commitment and leadership, contribute to the growth and success of De Heus and are of great value for the future!
