*MUST HAVE LIVED IN THE UK FOR 5 YEARS and NO SPONSORSHIP IS AVAILABLE*
*Must be Eligible to gain SC clearance*
I am partnered exclusively with a growing specialist Cyber consultancy in Manchester that provides Security Consultancy and Managed Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses that want to develop strong security strategies.
They are a UK Government approved supplier and accredited Cyber Essentials Certification Body who provide a range of Security consultancy and Managed security services. Examples include Cyber Security, Cloud Security & Data Privacy Consultancy, Vulnerability Scanning, Cloud Security Assessments & Penetration Testing services.
They are growing and looking to recruit a Cyber Security Architect that specialises in Security architecture and GRC. I am looking for an enthusiastic and driven individual to join the team. Client satisfaction is paramount to us and therefore strong customer facing skills are a must.
They are a small Consultancy with big plans for growth, offering a clear career path and family based approach to our team, Partners and Clients.
The Role
A UK Government Security Check (SC) clearance is required for this role. If you don’t hold SC clearance, we will support you to apply as long as you have lived and worked in the UK continuously (no longer than 6 months abroad) for the last 5 years.
As a Cyber Security Architect, you will be a subject matter expert in secure design, risk management and compliance with demonstrable experience in highly regulated industries, specifically UK Government and Defence.
You will build effective working relationships with delivery team members, Cyber Security Specialists and customers, and operate without supervision as a Security SME across multiple Client projects.
Responsibilities
* Lead client-specific security and assurance of highly complex, cloud-centric data and digital services across the entire lifecycle (strategy, design, implementation and operations)
* Provide specialist advice and knowledge of HMG government security architecture and assurance to OFFICIAL and above classifications.
* Provide specialist advice and knowledge of Public Cloud (Azure and AWS) cloud-based security architectures.
* Define and lead external security testing (ITHC, Pen Testing, etc) of solutions on the public cloud native platforms (Docker, Kubernetes, etc.), and Software as a Service (SaaS) solutions.
* Formulate HMG Information Assurance Risk Assessment and Risk Treatment Plans
* Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, implementing security standards such as ISO 27000 series and the NIST CSF
* Identify and deliver appropriate controls based on industry standards (e.g. CCM) to drive cloud and customer security solutions framework based on business risk and cloud native threats.
* Provide oversight and guidance on government security procedures and processes.
* Continually evaluate new threats in the cloud, to identify the impact on IT and the business to develop and implement security controls.
* Provide direction, analysis and design facilitation to develop, maintain and govern a customer security architecture.
* Ensure that architecture principles, designs, technologies, methods and practices are properly executed.
Key Skills and Experience:
* Domain expertise.
  * Significant public cloud (AWS & Azure) and hybrid cloud security architecture experience across multiple domains: Cloud, Network, Infrastructure, Application, Data, IAM
  * Cloud security concepts, technologies and best practices for delivering security across IaaS, PaaS, SaaS and Serverless architectures.
  * Implementing Information Security and Privacy Standards and Frameworks (e.g. ISO 27001, NIST, CIS)
  * Leading security working groups and external security testing (ITHC, Penetration Testing, etc) of cloud solutions at high HMG classification levels (OFFICIAL required, SECRET desirable) or equivalent in other industries.
* Designing & delivering secure systems & tooling.
  * Working directly with engineering teams to design and review system/data architectures through the development of patterns and principles.
  * Managing technical assessments of security related technologies, vulnerability assessments and penetration tools and techniques.
* Enabling & informing risk-based decisions.
  * Working with higher impact or more complex risks, advising on the impact and whether this is within risk tolerance.
  * Understanding and articulating the impact of vulnerabilities and required controls and mitigations on existing and future designs and systems.
* Communication with stakeholders.
  * Demonstrate a deep understanding of security concepts and apply them at a technical level to guide engineering teams.
  * Effectively translate and accurately communicate security and risk implications to technical and non-technical stakeholders.
  * Manage delivery manager and stakeholder expectations and be flexible, adapting to stakeholder reactions to reach consensus.
Nice to have Skills:
* Formal security certifications e.g. CISSP, CISM, AWS Solutions Architect
* Good understanding of Data Protection & GDPR
* Working within environments utilising DevOps, DevSecOps, SRE, CI/CD, Infrastructure & Security as Code (Docker, Git, Terraform)