Job ID 224665
£600 a day Inside IR35
A formal information security architecture process is one of the key enablers of a security programme. It is the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. It enables consistency, leverage and reuse to satisfy the business requirements for security services in an optimum manner. The role of the information security architect demands business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction.
Skills / Experience
Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is required.
Formal training and experience in a relevant enterprise architecture methodology (for example, the Zachman Framework or TOGAF).
Knowledge of a security-specific architecture methodology (for example, SABSA).
Experience with common information security management frameworks, such as International Standards Organization (ISO) and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks.
In-depth knowledge of risk assessment methods and technologies
Proficiency in performing risk, business impact, control and vulnerability assessments
Strong understanding of business applications, including enterprise resource planning (ERP) and financial systems
Familiarity with relevant legal and regulatory requirements, such as the UK Data Protection Act
Strong conceptual thinking and communication skills – the ability to conceptualise complex business and technical requirements into comprehensible models and templates.
A strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships
Assessment and specification of appropriate technology controls on the basis of risk/threat.
This is an expert/lead technical role. It defines the information security architecture and design for the enterprise.
This person works on multiple projects as a project leader or as the subject matter expert.
The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.
Strong analytical skills, to analyse security requirements and relate them to appropriate security controls
Works closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
Develops the business, information and technical artefacts that constitute the enterprise information security architecture and solutions.
Serves as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Contributes to the alignment of security governance with EA governance and project and portfolio management (PPM).
Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
Contributes to the development and maintenance of the information security strategy.
Evaluates and develops secure solutions, based on approved security architectures. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
Communicates security risks and solutions to business partners and IT staff
Manage the security architecture to support the implementation of policy, standards and other security requirements within the project
Ensure protection of information using data-centric security approaches. Ensure alignment with system life cycle through security risk assessments and input into design and architecture.
Provide expert guidance on security matters
Represent the security function, model and requirements in project activities
Recommend updates to the established security model
Assist project members in the identification, specification, design and implementation of appropriate security controls
Provide updates to the test plan
Coordinate and assist on security testing, including third party penetration testing
Perform risk assessments and threat models to derive control objectives
Identify and escalate unaddressed risks and threats
Provide updates on risks, threats and overall security status to Information Security management and other stakeholders
Combined IT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments.
Expert knowledge of security issues, techniques and implications across all existing computer platforms.
Proven ability in security process and organizational design.
In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
Experience in developing, documenting and maintaining security policies, processes, procedures and standards
Good understanding of risks and threats to the UK energy sector, control systems, smart grid and metering, networks, consumer technologies and customer data.
Understanding of energy/utility sector (desirable)