Hybrid (One day a week in the office)
This is a security architecture role focused primarily on scoping project cybersecurity requirements and applying cybersecurity protection techniques to project designs.
The role demands specialist information security knowledge, good knowledge of the Azure cybersecurity product range and the ability to think, communicate and write at various levels of abstraction.
(NB: Security operations such as incident detection, response or recovery do not play a major part in this role.)
- Works closely with enterprise architects, enterprise security strategy and other functional area architects to scope security requirements and to define appropriate security controls to be designed into IT systems and platforms, commensurate with identified risks, corporate objectives and regulatory requirements.
- Serves as a security expert in application development, database design, network and/or platform implementations, advising project teams on how to comply with enterprise security strategy, IT security policies, industry regulations, and best practices. The role may also include detailed design of controls.
- Communicates residual security vulnerabilities and possible mitigations to the security officer (who is responsible for formal risk assessment and security acceptance into live operation).
A bachelor's or master's degree in computer science, information systems or other related field; or equivalent work experience.
The candidate is likely to have several years of combined IT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments including cloud (especially Azure).
Functional and Technical Skills
- In-depth knowledge and understanding of information security concepts, principles and associated protocols.
- Expert knowledge of security issues, implications and protection techniques across a wide variety of cloud and computer platforms. This includes technical areas such as network segmentation, identity management and access control, and cryptography and its applications, as well as designing for manageability.
- Ability to analyse and contribute to high-level architectures and derive security controls commensurate with enterprise security needs.
- Experience using common information security management frameworks - especially National Institute of Standards and Technology (NIST) frameworks.
- Familiarity with relevant legal and regulatory requirements, such as the UK Data Protection Act 2018.
- Highly desirable to have specific knowledge of the Azure cybersecurity product range, especially related to application transformation & packaging.
- Ability to work within both waterfall and agile implementation frameworks.
- Formal training and experience in a relevant architecture method (for example: TOGAF) is preferred.
- Appropriate professional security certifications (such as CISSP or SABSA) are helpful.
Communication and Personal Attributes
- Strong conceptual thinking and communication skills - the ability to conceptualise complex business and technical requirements into comprehensible models and templates.
- Ability to work well under minimal supervision.
- Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
- Demonstrable written and verbal communication skills.
- Strong influencing abilities, with the capability to guide business, project and information security team members.
- A strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships.
ersg are an equal opportunities employer; we are committed to promoting equality of opportunity for all job applicants. We do not discriminate against applicants on the basis of age, sex, race, disability, pregnancy, marital status, sexual orientation, gender reassignment or religious background; all decisions are based on merit.