My Shortlist

Your shortlisted jobs will appear here. To view your shortlist: Login Or Register

Date Added: Wed 27/04/2022

Information Security Architect

IM1, UK
Apply Now

Company: ORCHARD RECRUITMENT LTD

Job Type: Permanent, FullTime

Salary: £70000 - £90000/annum

Overview
Our leading Financial Services Sector Client is continuing a high growth trajectory, coupled with an ambitious transformation programme. They are now seeking an Information Security Architect.
Role Profile
The Information Security Architect advises on and creates and designs security for a system or service, maintains security architecture documentation (including policies, standards, and technical guides) and develops architecture patterns and security approaches to new technologies. The security architect has a thorough understanding of an organisation's IT systems to anticipate possible security risks, identify areas of weakness, and respond effectively to possible security breaches. A security architect undertakes complex work of a high-risk level, often working on several projects.They are responsible, along with the rest of the security team, for assisting in the provision of information security governance according to the Information Security Management System (ISMS) framework.
Key responsibilities:
* Have a deep and evolving level of technical expertise, so you can act as a technical leader in the company
* Research, identify, validate, and adopt new technologies and methodologies
* Communicate with a broad range of senior stakeholders and be responsible for defining the vision, principles, and strategy for security
* Work on projects with high strategic impact, setting a strategy that can be used in the long term and across the breadth of the organisation
* Assist in projects to advise corrective actions resulting from risk assessments, security incidents and other sources revealing information security weaknesses that need to be addressed
* Advise the Group wide Infrastructure Architecture and Change Management Boards from a security perspective
Security Incident Management
* Help define a security incident management process for whole of the Group
* Actively participate in Identification, Investigation, Containment, Eradicate, Recovery and Follow Up aspects of a Security Incident when they occur
* Assist in the documentation of information security incidents and their follow-up actions, agreeing and advising on any required technical remediation actions or runbooks
Cyber Risk
* Report IT & security risk and escalates for appropriate remediation
* Assist in the assessment of risk to the security of information, assets, and personnel and management of cyber risk including risk reviews and mitigation planning
Governance / Standards
* Develop and maintain information security and architecture documentation (policies, procedures, standards, and technical guides) to agreed standards
* Assist in the support of external information security audits, management reviews and internal information security audits
* Monitor, or assist in the monitoring of, key measures of ISMS performance
* Research tooling and automation to drive efficiencies in the governance/risk spaces
Information Security Awareness
* Assist in projects to implement corrective actions resulting from risk assessments, security incidents and other sources revealing information security weaknesses that need to be addressed
* Mentor colleagues in team, and throughout the business as required, on the latest security developments as part of their personal development goals
Cyber Risk Management
* Contributing to the creation of a culture of risk awareness and the highest standards of corporate governance
* Assess operational risks, associated day-day activities and implement risk mitigation controls as necessary
* Ensure operational risk events are reported on a timely basis and risk event actions are completed within agreed timelines and subject matter expert in tools and reporting in the risk space
Customer Management
* Maintain effective relations with all key stakeholders across company and Quality and timeliness of communication updates to all relevant parties
* Ensure appropriate service is delivered at all times, across all business lines and that feedback is sought from key stakeholders to fully assess the service quality
Person Profile
Essential:
* A degree in computer science, IT, or a related field
* At least 5-10 years' experience in Information Security, or IT system administration
Relevant IT security certifications are preferred (ISO27001 lead auditor, CISSP, CISM, CRISC, CCRO, TOGAF) along with following experience:
* Strong ISO27001 Security Framework experience. Knowledge of controls
* A strong working knowledge of current IT risks, the global cyber threat landscape in general, and specifically of a variety of security tools and solutions
* Extensive experience with, and security knowledge of, Information Systems such as M365, Azure, MS Active Directory, VMware, Firewalls, Network, Storage, QRadar/SIEM, multi-vendor IT hardware & software upgrades, patch management, Identity Access Management, Network security
Desirtable
* DevSecOps exposure and Internal audit knowledge
* Risk analysis - systems/projects/changes
Apply Now