The Security Architect will be responsible for the design, implementation and ongoing development of the security architecture of the clients IT systems. The Security Architect will draw upon Enterprise Security Architecture or Security Solutions Architecture to: - Identify business objectives, user needs, risk appetite and cyber security obligations - Identify vulnerabilities, perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls - Verify and evidence alignment to Secure by Design principles, corporate security policy/standards as well as industry recognised frameworks and best practice What youll be doing: • Develop, deliver and continually enhance a coherent approach to the design of secure client end-to-end solutions • Develop secure conceptual, logical and high level designs by identifying appropriate security controls to be embedded in solutions that meet business requirements whilst evidencing alignment to the target risk appetite. • Own the design and be able to articulate and justify design recommendations at security architecture assurance gates • Draft design documentation, options papers, risk assessments, stakeholder presentations and be able to effectively communicate these to both senior technical and non-technical stakeholders • Contribute to a reference architecture of established patterns, principles and guidelines • Research emerging technologies, new products and be able to position these in a coherent manner against the developing threat landscape and client risk appetite • Ability to distil complex information and concepts into key discussion points that identifies a path to resolution rather than only the identification of challenges • Contribute to the development of the Security Practice skills and capabilities to ensure consistent high quality of service delivery and expertise. Active coaching and mentoring of junior members of the team • Leading in the development of collateral to support Security Consulting ‘go to market’ propositions and service offerings. • Leading in the development and presentation of compelling client proposals collaborating with teams across our business. • Strong stakeholder management and relationship building skills at senior levels that will enable consensus building in the shaping of secure client solutions • Shaping, leading and delivering value through security advisory consultancy and through guiding secure transformational delivery engagements. • Providing security expertise across security standards and accreditations, measure and control the effectiveness of the security controls framework and maintain the Information Security Management System. • Deriving and delivering documented Information Security Management Plans which incorporate Regulatory, Legal and Compliance in relation to applicable security policies. Standards and guidelines • Assiting with the identification of identified risks and emerging cyber security vulnerabilities and threats. The subsequent analysis to quantify and lead risk mitigation plans • Work with Service Management to ensure that partners and suppliers adhere to agreed standards, policies and verify/evidence appropriate compliance and security KPIs • Work closely with 1st, 2nd and 3rd lines of defence on all matters relating to cyber security, information assurance, cyber risk, data privacy including regulatory and compliance considerations • Lead the development and enhancement of governance, risk and compliance aligned to policy, standards an industry good practice • Ensure that continuous assessment, identification, analysis and reporting of useful metrics to enable informed risk based decisions to be taken • Constructively challenge established processes and controls to identify, recommend and facilitate continuous improvement, ensuring that all personnel (including senior stakeholders) understand their responsibilities in relation to security risk mitigation and remediation • Review and verify that documentation relating to process and technical security controls are maintained What experience youll bring: • Minimum of 5 years’ experience in a multi-tiered IT enterprise environment / Governance, Risk and Compliance role • Minimum of 5 years’ experience in a Governance, Risk and Compliance role • A track record of delivering security solutions for large-scale infrastructure, transformation or integration programmes • Practical knowledge and understanding of industry security frameworks and guidance such as NIST CSF, NIST 800-53, NCSC CAF and other NCSC guidelines • Good knowledge of networking (switching, routing, firewalls) • Experience with the design concepts associated with adoption of Cloud platforms (AWS and/or Microsoft Azure) • An understanding of the native security capabilities and good practice within Cloud platforms (AWS and/or Microsoft Azure) • In-depth knowledge of modern security concepts, common attack vectors, malware, security analytics and threat intelligence. • A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE) • Experience working with security standards such as ISO 27001, 27002, 27017, 27108 etc DESIRABLE SKILLS AND EXPERIENCE • CISSP, CISM, CCSP, CRISC or equivalent experience • Good knowledge covering several of the following examples (this list is not exhaustive): AD, Cryptography, End User Computing, IAM, PKI, Server hardening, SIEM, SOAR, virtualisation (VMware) • Participate in pre-sales tasks and perform ongoing support of delivery collateral. • Familiarity with MITRE ATT&CK • Familiarity with ITIL