Role: Lead Security Architect

Type: Permanent

Location: Reading Hybrid (2 days a week in Reading)

The role of Lead Security Architecture Consultant is a senior role within the Security Architecture and Consulting team, which is responsible for providing subject matter expertise and guidance to business units across our Network and Enterprise domains to enable the business to deliver its outcomes in a secure manner, building customer trust in a reliable network which matches the best, whilst ensuring compliance to regulatory requirements, company policy and standards.

In this role you will have a broad and challenging remit, you will therefore need to be flexible and agile in your approach, switching between different security disciplines within the team as necessary. You will be engaging in the delivery of multiple business initiatives by introducing baseline and enhanced security requirements and supporting their implementation through guidance and advice. You will also be recommending security solutions and then providing design input and technical approvals, assurances, and governance of deliveries that the project carries out with our colleagues and partners. Within the Security team itself, as a senior member you will be expected to support the wider team by providing technical expertise and guidance, improving technical security standards, patterns and the team processes, as well as supporting the leadership team with resource and budget planning.

You will be working with colleagues and partners to deliver our outcomes and you will need to be able to successfully challenge and govern partner activities and have an awareness of partner contracts.

Experience we are looking for:

Must have at least 5 years of experience working in Cyber Security within a technical field.

Must have a mix of security consulting, architecture/design, and professional services experience.

Must be able to lead the design and review of secure system architectures using or developing patterns and principles, where necessary challenging to create precedents and set direction.

Must be able to work at multiple levels within the organisation from technical delivery to senior management.

Must have a strong knowledge of system architectures and be able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and how easy or difficult it will be to exploit these vulnerabilities.

Must be well versed in the application of security policies and standards, governance, compliance, risk management and technical assurance practices.

Should have experience of using common information security management frameworks, such as NIST, PCI, GDPR, ISO Series, OWASP the IT Infrastructure Library (ITIL), the ISF Standards of Good Practice (SoGP) and ISACA's Control Objectives for Information and related Technology (COBIT) frameworks.

Must have expertise and experience in one or more of the following technical domains:o Cloud/Hybrid security

o Infrastructure and data centre security

o Network security

o Application security

o Identity and access management

o Vulnerability Management

Must have expertise in defining and then governing the delivery of security contractual/business outcomes and know how to influence/negotiate technical outcomes with 3rd parties, including conflict resolution due to changing priorities.

Must have experience of documenting and implementing processes, procedures and architecture/design/decision templates required to structure and govern an architecture, design and delivery lifecycle.

Must have experience working at pace within a complex operational environment / large organisation.

One or more of the following security and architecture related certifications would be desirable: SANS / GIAC / CISSP / CISM / SABSA / TOGAF

Responsibilities:

* Actively represent the security organisation within business project initiatives, providing technical security leadership to ensure that security requirements and outcomes are defined and considered throughout the lifecycle of projects from conception to operation.

* Collaborate closely with a broad range of stakeholders across the business and be able to articulate the security vision, principles and governance/assurance standards for security consultants and solution architects.

* Provide security requirements and design input across several projects or technologies

* Provide effective governance and assurance of security deliverables by our partners and internal teams, where necessary also supporting security consultants and solution architects through review and approvals.

* In conjunction with your peers in the strategy team, define and maintain the Security Product and Capability Catalogue, by maintaining a broad understanding of security products and their use and supporting the assessment of new products and capabilities.

* Create, review, and approve requirements capture, architecture, design, delivery and test documentation and other artefacts used in the design and delivery lifecycle, ensuring that effective governance and technical assurance can be performed. Maintain and improve the use of artefact templates.

* Ensure that there is effective capacity management and planning in place for the security services and solutions assigned to you and ensure that the solution is incorporated into the 18-month technical and budget roadmap for capacity expansion and service improvement.

* Support the Programme and Project Manager in project planning, risk and issue management and the budgeting process.

* Support the security department leadership team in reporting, and roadmap and resource planning.

If this looks interesting, click on APPLY!

Project People is acting as an Employment Agency in relation to this vacancy