We're looking for a Security Architect responsible for creating, maintaining, and enforcing the frameworks, processes, and technical designs that safeguard N Brown's data, systems, and overall digital ecosystem.
You'll serve as the primary bridge between business priorities and security needs, ensuring that all technology initiatives are aligned with robust security principles. You'll join the Architecture Chapter (Governance and Transformation) whilst being embedded within the Information Security Chapter (engineering and operations) and the GRC Team (governance, risk, and compliance). This unique placement enables the role to integrate security as a core element in business transformations, system operations, and governance activities, providing a 360-degree approach to enterprise security.
Additionally, you will support the Data Protection Officer (DPO), ensuring N Brown meets its obligations around privacy and data protection, as well as providing leadership in Cloud Security Architecture and the Secure Development Lifecycle (SDL).
What will you do as a Security Architect at N Brown?
Information Security Architecture
* Develop enterprise-wide data security strategies to ensure the confidentiality, integrity, and availability of information assets.
* Establish and maintain security standards, policies, and guidelines that align with regulatory frameworks, business objectives, and industry best practices.
* Work closely with the Data Governance team to integrate controls for sensitive data across its lifecycle, including classification, storage, access, and transfer.
* Drive the adoption of encryption standards and other data protection mechanisms across applications, databases, and file systems.
* Collaborate with the DPO to ensure security architecture supports privacy obligations under GDPR and other regulations.
Cyber Security Architecture
* Design and implement layered defence architectures to protect against an ever-evolving threat landscape.
* Define the security posture for enterprise infrastructure, including network segmentation, secure endpoints, and resilient cloud environments.
* Collaborate with engineering teams to build scalable, secure applications following secure coding principles and frameworks.
* Develop strategies for integrating security monitoring and detection tools (e.g., SIEM, IDS/IPS) into the organisation's IT landscape to provide real-time threat visibility.
* Partner with incident response teams to ensure that the architecture supports rapid containment and recovery in the event of a breach or cyberattack.
Cloud Security Architecture
* Define security strategies for hybrid and multi-cloud environments, ensuring consistent protection across all platforms.
* Evaluate and recommend cloud-native security tools and controls, such as cloud access security brokers (CASBs), cloud firewalls, and key management systems.
* Collaborate with Cloud Operations and DevOps teams to implement secure infrastructure-as-code practices and cloud deployment pipelines.
* Ensure compliance with cloud security standards such as CIS benchmarks and shared responsibility models.
Secure Development Lifecycle (SDL)
* Establish and champion the Secure Development Lifecycle across all application development teams.
* Provide guidance on secure coding practices, static/dynamic application security testing (SAST/DAST), and code review processes.
* Work with development teams to ensure security is considered at every stage, from design through deployment.
* Introduce automated tools to enhance SDL efficiency, such as vulnerability scanning in CI/CD pipelines.
* Drive security awareness among developers, offering training and mentorship on threats and mitigation techniques.
What skills and experience will you have?
* A good understanding of cloud security controls and tooling, ideally in AWS but GCP and Azure will also be beneficial.
* Understanding of secure coding and application design principles.
* Good knowledge of the ecommerce threat landscape and a pragmatic approach to applying relevant controls to mitigate those threats.
* Experience of building strong security governance into guard rails.
* Experience of applying security controls and mitigations iteratively in an agile/DevSecOps environment where all requirements will not be delivered on day one.
* Excellent communication skills and a proven ability to influence outcomes - strong interpersonal skills are essential.
* Practical experience of governing solutions in an architecture function.
* Flexibility and a desire to learn.
* Awareness of IT industry trends and being vendor and technology neutral to enable best-fit solutions to be found.
* The ability to plan and rationalise project goals working from limited information and ending in a holistic design.
* Decisiveness - be capable of presenting proposed solutions with confidence, providing clear guidance for outcomes.
Desirable:
* CompTIA Security+
* Certified Information Security Manager (CISM)
* Certified Information Systems Security Professional (CISSP)
* Certified Ethical Hacker (CEH)
* Offensive Security Certified Professional (OSCP)
* Certified Cloud Security Professional (CCSP)
* AWS Certified Solutions Architect / GCP Cloud Architect / Azure Solutions Architect
* A broad understanding of current techniques and tooling including API-first design, Cloud Native, Containerisation and PaaS on AWS, Azure or GCP.
* Experience of working with Product or Agile teams at the same time, effectively governing architectural designs to enable continuous delivery.
* Retail / Ecommerce experience
What's in it for you?
* Hybrid working
* 24 days holiday (+ 8 bank holidays) with the option to buy an additional 10 days
* Annual bonus scheme
* Enhanced maternity and adoption leave
* Access to Apricity, a self-funding IVF benefit at a reduced rate
* Company pension with up to 8% N Brown contribution
* Mental Health support both internally and externally, including access to our wellbeing champions and counselling services
* A range of financial wellbeing support
* Colleague discount across all N Brown brands
* Onsite café with subsidised rates and local restaurant discounts!
* Life Assurance and Private Medical Insurance
* Paid volunteer time - all our colleagues can take a full day paid to volunteer for a charity of their choice
N Brown - who we are and why work for us?
At N Brown, we're committed to building a diverse workforce and creating an inclusive environment that values equality for all. Our vision is that by 'championing inclusion, we'll become the most loved and trusted fashion retailer'. Diversity, Equity, Inclusion and Belonging are, therefore, at the heart of our culture.
We're a forward-thinking digital retailer with a financial services proposition to be proud of. We're customer-obsessed, serving them through three core brands: JD Williams, Simply Be, and Jacamo. We're experienced, with over 160 years of trading under our belt. We're inclusive, as we believe in fashion without boundaries; and we're sustainable, striving to make as little impact on the planet as possible.
In May 2024 we were delighted to be named one of The Sunday Times Best Places to Work 2024. We work hard to create a happy and inclusive culture for everyone and we're so proud to have made this list - as voted for by our very own colleagues!
Ways of Working
We offer hybrid working which varies across the business depending on the role you're in. Our Head Office is located in the Northern Quarter in Manchester City Centre. So if you are travelling by train, tram or bus we're perfectly located, plus we're surrounded by cool cafes, trendy bars and the best places to eat!
Our working hours are 36.17 per week and our core working hours are between 10am and 4pm. Given we don't have strict working hours, you can find the working pattern that's right for you.
Our promise to you:
We're an equal opportunity employer and value diversity. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
What happens when you apply to a role at N Brown?
As soon as we receive your application, we'll send you an email to let you know. We always aim to come back to you as soon as possible with an update and we really appreciate you taking the time to apply for a role with us. Good luck!