About Ashurst
Ashurst is a leading progressive global law firm with a rich history spanning more than 200 years. We are proud of our history and are future-focused, having expanded into new technologies through our NewLaw division, Ashurst Advance, and our consulting arm. Our in-depth understanding of our clients and commitment to providing excellent standards of service have seen us become a trusted adviser to local and global corporates, financial institutions and governments in all areas of commercial law. To find out more please visit www.ashurst.com.
Department/Role overview
This role is primarily responsible for designing, implementing, and maintaining secure information systems within the Firm. The successful candidate will play a crucial role in identifying potential security vulnerabilities and ensuring compliance with client requirements, industry standards, and regulations.
The Security Architect will work closely with cross-functional teams, including project management, Enterprise Architecture, Security and Privacy, and technical IT teams, to assess risks, propose appropriate security measures, and implement effective security solutions to ensure compliance with security standards and best practices.
The successful candidate should possess a strong technical background, a deep understanding of security frameworks and best practices, and the ability to translate business requirements into robust security architectures.
Main responsibilities
Security Architecture Design and Implementation - ARCH (Level 5), SCIY (Level 6), SCAD (Level 6)
1. Design, evaluate, and recommend security solutions, including infrastructure, network, and application security controls.
2. Ensure security strategies, policies, standards, and practices are applied correctly.
3. Collaborate with project managers and technical teams to assess security risks associated with internal projects and propose appropriate risk mitigation strategies.
4. Collaborate with stakeholders to understand business requirements and translate them into effective security designs.
5. Evaluate emerging technologies and trends to proactively enhance the Firm's security posture.
6. Contribute to the implementation of the Firm's enterprise security strategy.
Security Governance and Compliance - SCIY (Level 6), INAS (Level 4), SCAD (Level 6)
1. Define and enforce security policies, standards, and procedures to ensure compliance with client and regulatory requirements and industry best practices.
2. Develop and maintain security control frameworks and ensure their consistent application across the Firm.
3. Contribute to security reviews and audits to assess compliance with internal policies and external regulations.
4. Provide guidance and support for security incident response and coordinate investigations as needed.
5. Stay up to date with evolving security threats and vulnerabilities and recommend appropriate measures to mitigate risks.
Collaboration and Communication
1. Collaborate with cross-functional teams, including IT Platforms, Products and Services, and Risk and Compliance, to ensure security requirements are integrated into the development lifecycle.
2. Work closely with project managers, Enterprise Architecture, and Security and Privacy to ensure security considerations are addressed throughout the project lifecycle.
3. Communicate complex security concepts and requirements to both technical and non-technical stakeholders.
4. Provide guidance and mentorship to junior members of the security team.
5. Stay abreast of industry best practices and emerging technologies through continuous learning and professional development.
Other Responsibilities (as required)
1. Other suitable duties, consistent with the duties and responsibilities of the position as directed by the supervisor or nominated delegate.
Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.
Essential skills and experience
1. Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
2. Professional certifications such as CISA, CISM, SABSA, TOGAF, or similar credentials are preferred.
3. Strong knowledge of information security principles, best practices, and standards (e.g., ISO 27001, NIST).
4. Strong knowledge of cloud security concepts and experience with cloud platforms (e.g., Azure, AWS).
5. Proficiency in security technologies such as SIEM, DLP, IAM, and vulnerability scanning tools.
6. Familiarity with secure software development practices and application security principles.
7. Ability to assess risks, analyze complex problems, and propose effective security solutions.
8. Excellent communication and interpersonal skills to collaborate with diverse stakeholders.
9. Strong project management skills and the ability to work in a fast-paced, dynamic environment.
10. Ability to work independently and collaboratively in a team-oriented environment.
11. Attention to detail and a commitment to maintaining high-quality standards.
Background checks
In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations.