Security Architect - Stellenbosch

SUMMARY : PeopleSolved is currently recruiting for a Security Architect to operate at a Group level for one of SA's leading private hospital groups. This hybrid position is offering around R1.2m per annum, and located in Stellenbosch.

POSITION INFO : About the Role :

Exciting opportunity for a Group Security Architect to design, implement, and maintain secure architecture for cloud and hybrid IT systems. This role has a strong focus on Microsoft 365 and Azure platforms, while ensuring enterprise-wide security alignment with organisational policies, regulatory obligations, and risk frameworks.

This is an unique opportunity to work at enterprise scale in the healthcare industry — protecting sensitive data, driving digital resilience, and contributing to the mission of improving patient care through secure, innovative technology.

• Design and govern secure cloud architecture (Azure, M365, hybrid).
• Define and enforce enterprise-wide security standards and frameworks, following Zero Trust principles.
• Lead technical risk assessments, threat modelling, and solution evaluations.
• Drive implementation of Identity & Access Management (IAM) in collaboration with group architects.
• Evaluate, select, and optimise security tools (EDR, SIEM, CASB, etc.).
• Provide implementation guidelines on network security.

• Bachelor’s degree in Information Systems, Cybersecurity, or (essential).
• Microsoft Certified : Cybersecurity Architect Expert, CISSP, or CCSP (advantageous).

• Minimum 10 years’ experience in information security, with at least 5 years in security architecture.
• Hands-on expertise in designing and implementing Microsoft 365 and Azure security.
• Experience in healthcare regulatory compliance (e.g. POPIA, GDPR) preferred.
• Knowledge of CSPM, SASE, third-party risk, DevSecOps, and identity governance desirable.
• Container security (Kubernetes, Docker) is advantageous.

• Cloud Security (Azure, M365).
• IAM (Entra ID, RBAC).
• Security frameworks (NIST, ISO 27001, CIS Controls).
• Network segmentation, Zero Trust.
• SIEM / SOAR platforms (Sentinel).
• Data protection (DLP, MIP, MCAS).
• Solid understanding of secure design principles.