Security Architect - G1601

Location Reading
Salary £0.00 - £1 per day
Job type Contract
Sector Technology
Reference BBBH20958_1669733925

Security Architect

Remote with ad hoc travel required

Inside IR35

A formal information security architecture process is one of the key enablers of a security programme. It is the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. It enables consistency, leverage and reuse to satisfy the business requirements for security services in an optimum manner. The role of the information security architect demands business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction.

Skills / Experience

Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is required.

Formal training and experience in a relevant enterprise architecture methodology (for example, the Zachman Framework or TOGAF).

Knowledge of a security-specific architecture methodology (for example, SABSA).

Experience with common information security management frameworks, such as International Standards Organization (ISO) and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks

In-depth knowledge of risk assessment methods and technologies

Proficiency in performing risk, business impact, control and vulnerability assessments

Strong understanding of business applications, including enterprise resource planning (ERP) and financial systems

Familiarity with relevant legal and regulatory requirements, such as the UK Data Protection Act

Coaching and mentoring of more-junior technical staff will be required.

Strong conceptual thinking and communication skills - the ability to conceptualise complex business and technical requirements into comprehensible models and templates.

Ability to work well under minimal supervision.

Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.

Demonstrable written and verbal communication skills.

Ability to interact with staff at all levels up to senior and across all business units and organizations, and to understand business imperatives

Strong leadership abilities, with the capability to develop and guide business, project and information security team members

A strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships

Assessment and specification of appropriate technology controls on the basis of risk/threat

This is an expert/lead technical role. It defines the information security architecture and design for the enterprise.

This person works on multiple projects as a project leader or as the subject matter expert.

The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.

Strong analytical skills, to analyse security requirements and relate them to appropriate security controls



Key Accountabilities

Works closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.

Develops the business, information and technical artefacts that constitute the enterprise information security architecture and solutions.

Serves as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.

Contributes to the alignment of security governance with EA governance and project and portfolio management (PPM).

Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.

Contributes to the development and maintenance of the information security strategy.

Evaluates and develops secure solutions, based on approved security architectures. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.

Communicates security risks and solutions to business partners and IT staff

Manage the security architecture to support the implementation of policy, standards and other security requirements within the project

Ensure protection of information using data-centric security approaches. Ensure alignment with system life cycle through security risk assessments and input into design and architecture.

Provide expert guidance on security matters

Represent the security function, model and requirements in project activities

Recommend updates to the established security model

Assist project members in the identification, specification, design and implementation of appropriate security controls

Provide updates to the test plan

Coordinate and assist on security testing, including third party penetration testing

Perform risk assessments and threat models to derive control objectives

Identify and escalate unaddressed risks and threats

Provide updates on risks, threats and overall security status to Information Security management and other stakeholders



Experience

Seven to 10 years of combined IT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments.

Expert knowledge of security issues, techniques and implications across all existing computer platforms.

Proven ability in security process and organizational design.

In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls

Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans

Experience in developing, documenting and maintaining security policies, processes, procedures and standards

Understanding of energy/utility sector

Good understanding of risks and threats to UK energy sector, control systems, smart grid and metering, network, consumer technologies and customer data

Understanding of organisation, culture and values

ersg are an equal opportunities employer; we are committed to promoting equality of opportunity for all job applicants. We do not discriminate against applicants on the basis of age, sex, race, disability, pregnancy, marital status, sexual orientation, gender reassignment or religious background; all decisions are based on merit.