Senior Security Architect (IDAM)
Utilities
Hybrid in Warwick: 2-4 days per month
6 months
£750 - £800 per day
In short: Security Architect with broad experience across network, infrastructure, cloud, application required to deliver an IDAM project. We're not seeking someone who only specializes in IDAM - we need a solid, generalist Architect who understands all of the relevant components related to IDAM.
In full:
Job Purpose:
The Senior Security Architect serves as a security lead/visionary and will act as an expert in many areas of security, describing in business terms the impact of security policies, standards, technology standards and architecture on the business. This person will provide security direction to the program/project(s) based on the business requirements and focus areas.
The Security Architect must be able to interpret high-level business requirements and communicate them to highly technical security engineers; conversely, they must also be able to articulate highly technical issues to a non-technical business audience.
The Security Architect is to provide minimum security requirements and to ensure that the delivered solution is fit for purpose and effective when transitioned into service. The Security Architect will identify security services to be integrated into the overall solution and work with the security tower teams to ensure implementation of the services.
Primary Roles & Responsibilities:
* Providing a security service steer to the program, on security related matters.
* Ownership and definition of the security scope/architecture for transitionary steps to enable the expeditious separation of a divesting entity.
* Drive security requirements, architectures, patterns and approaches via the company's processes.
* Day-to-day engagement with divestiture programme to advise and consult on security matters.
* Removing impediments for the successful delivery of the security related solutions.
* Coordination of technical design/review activities with various segments within the Security team.
* Accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
* Accountable for ensuring residual risk is captured and owners are identified and accept the risks.
* Support a design authority in making decisions.
Knowledge and Capabilities:
* Security Technology
o Appreciation of wider information security related principles, likely to be gained in industry or from a consultancy background.
o Skilled in creating technology standards and experience with presenting security requirements and necessary security services to the security and/or enterprise governance boards for acceptance and approval.
o Proven experience in cloud security solution, Azure hands-on experience preferred.
* Security Services
o Knowledge of Cloud fundamentals - Design Patterns, Shared Security, Monitoring.
o Experience with cloud-based security controls (secure web gateway, next gen firewall, cloud access security broker).
o Strong background in defining security requirements across network, database, operating system and application.
o Good understanding of security testing process SAST/DAST/Vulnerability Assessments/DevSecOps pipeline/Pen testing etc.
o Knowledge on security solutions such as IDS/IPS, secure remote access, firewalls, encryption, secure protocols, data protection, data loss prevention and identity management solutions.
o Strong knowledge of data and information flows, information governance, network protocols.
o Knowledge of security hardening techniques and policy development, particularly operating system hardening (e.g. Windows, UNIX, Oracle).
o Experience in integration with a SIEM, or working within a system monitoring environment.
o Experience in vulnerability and risk management processes.
o Experience of risk management.
o Experience of IDAM.
o Experience of data migration approaches and the security considerations.
* Project Engagement
o Experience of incorporating security controls at each stage of the software development lifecycle process.
o Experience of designing and managing security controls within service providers and the cloud.
o Proven track record of successfully delivering business requirements to time and budget constraints.
o Experience with Agile projects.
o Familiar with contract management, ensuring security controls are referenced within the agreement.
* Preferably somebody who has done hands-on IT in the past and understands the pragmatic approach sometimes required.
Qualification Requirements:
* Educated to degree level (or equivalent combination of education and experience).
* Security Qualifications such as Azure Security Associate/Azure Solution Associate/CISSP/CCSP/ etc.
* Information Security Certifications/Qualifications such as CISSP and MSc Information Security preferred but not necessary for this role.
Job Dimensions:
* This role has a significant impact on defining security requirements and ensuring that the program meets these requirements, or that exceptions and issues are noted and remediated as appropriate.
* Direct reports - None.
Candidates will ideally show evidence of the above in their CV in order to be considered.
#J-18808-Ljbffr