About the role:
Working in the Cyber Security Architecture practice team, the Information Security Architect provides a consultancy-style service to various projects and endeavours to assist in aligning all stakeholders with, and informing them of, their obligations to build Secure & Robust ICT systems.
The position works closely with the Chief Information Security Officer, the Enterprise Security Architect and various project teams. Its emphasis is on the development, review and documentation of risks; review of and input into solution architectures; review of penetration testing results; evaluation of commercial terms and vendor selection; and security-aligned requirements for internal and third parties.
The role promotes a "Secure by Design" culture across enterprise business systems and will require the successful candidate to drive the following activities:
- Requirements gathering, risk assessment and reviews to produce optimal requirements and designs for each project.
- Analyze and translate security policy, standards and requirements into architectural blueprints that can be consumed by each project.
- Work closely with the Enterprise Security Architect, the Security Assurance team and Project team members to ensure compliance with ISMS standards and patterns. Actively participate in design authority and architecture review board forums representing the Cyber Security domain.
- Consult with internal staff at all levels to develop and maintain comprehensive and accurate security checklists and risk assessment models for new and modified applications.
- Work closely with vendors to specify and negotiate security requirements which meet our Policy framework and the needs of the business.
- Work closely with all Solution and Enterprise Architects.
- Responsible for ensuring appropriate security and privacy measures are implemented on technology solutions.
- Ensure team effectiveness and manage client expectations through timely delivery of program deliverables.
- Adhere to all Client policies and guidelines including information security.
- All other tasks as directed by the Enterprise Security Architect related to Information Security Architecture.
- Experience working as an Information Security Architect or Senior Engineer within a large organisation.
- TOGAF9 or equivalent industry experience.
- Experience in IDAM, PAM and Information Security.
- Previous experience on Security uplift projects and change.
- Direct experience in Cyber Security technologies and processes - in any or all of the following domains - User, Device, Network & Transport, Systems or Information Security.
- Experience in requirements for ISM based systems at PROTECTED level.
- Experience in designing solutions and deployments using modern approaches including Agile, DevSecOps and SRE, delivered via Outsourced or In-house teams, and operated as "Products" with defined "Service Outcomes" as defined by Service Level Indicators and Objectives.
- Understanding of modern cyber security threats and technologies and processes to mitigate them.
- Ability to perform risk assessments and identify pragmatic controls to manage the risks identified.
If this sounds like you, then please contact Ben Neal on 0380807217 for more information.
Looking forward to hearing from you!