The role of Lead Security Architecture Consultant is a senior role within the Security Architecture and Consulting team in the company, which is responsible for providing subject matter expertise and guidance to business units across our Network and Enterprise domains to enable the business to deliver its outcomes in a secure manner, building customer trust in a reliable network which matches the best, whilst ensuring compliance to regulatory requirements, company policy and standards.
In this role you will have a broad and challenging remit, you will therefore need to be flexible and agile in your approach, switching between different security disciplines within the team as necessary. You will be engaging in the delivery of multiple business initiatives by introducing baseline and enhanced security requirements and supporting their implementation through guidance and advice. You will also be recommending security solutions and then providing design input and technical approvals, assurances, and governance of deliveries that the project carries out with our colleagues and partners. Within the Security team itself, as a senior member you will be expected to support the wider team by providing technical expertise and guidance, improving technical security standards, patterns and the team processes, as well as supporting the leadership team with resource and budget planning.
You will be working with colleagues and partners to deliver our outcomes and you will need to be able to successfully challenge and govern partner activities and have an awareness of partner contracts.
- Actively represent the security organisation within business project initiatives, providing technical security leadership to ensure that security requirements and outcomes are defined and considered throughout the lifecycle of projects from conception to operation.
- Collaborate closely with a broad range of stakeholders across the business and be able to articulate the security vision, principles and governance/assurance standards for security consultants and solution architects within the company and our partners.
- Provide security requirements and design input across several projects or technologies across our Network and Enterprise business domains at any one time.
- Provide effective governance and assurance of security deliverables by our partners and internal teams within the company, where necessary also supporting security consultants and solution architects through review and approvals.
- Maintain an in-depth knowledge of industry standards and have an evolving level of technical expertise relevant to the role.
- In conjunction with your peers in the strategy team, define and maintain the Security Product and Capability Catalogue, by maintaining a broad understanding of security products and their use within the company and supporting the assessment of new products and capabilities.
- Create, review, and approve requirements capture, architecture, design, delivery and test documentation and other artefacts used in the design and delivery lifecycle by our company and its partners, ensuring that effective governance and technical assurance can be performed. Maintain and improve the use of artefact templates.
- Ensure that there is effective capacity management and planning in place for the security services and solutions assigned to you and ensure that the solution is incorporated into the 18-month technical and budget roadmap for capacity expansion and service improvement.
- Support the Programme and Project Manager in project planning, risk and issue management and the budgeting process.
- Support the security department leadership team in reporting, and roadmap and resource planning.
- Must have at least 5 years of experience working in Cyber Security within a technical field.
- Must have a mix of security consulting, architecture/design, and professional services experience.
- Must be able to lead the design and review of secure system architectures using or developing patterns and principles, where necessary challenging to create precedents and set direction.
- Must be able to work at multiple levels within the organisation from technical delivery to senior management.
- Must have a strong knowledge of system architectures and be able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and how easy or difficult it will be to exploit these vulnerabilities.
- Must be well versed in the application of security policies and standards, governance, compliance, risk management and technical assurance practices.
- Should have experience of using common information security management frameworks, such as NIST, PCI, GDPR, ISO Series, OWASP the IT Infrastructure Library (ITIL), the ISF Standards of Good Practice (SoGP) and ISACA's Control Objectives for Information and related Technology (COBIT) frameworks.
- Must have expertise and experience in one or more of the following technical domains:
- Cloud/Hybrid security
- Infrastructure and data centre security
- Network security o Application security o Identity and access management o Vulnerability Management
- Must have expertise in defining and then governing the delivery of security contractual/business outcomes and know how to influence/negotiate technical outcomes with 3rd parties, including conflict resolution due to changing priorities.
- Must have experience of documenting and implementing processes, procedures and architecture/design/decision templates required to structure and govern an architecture, design and delivery lifecycle.
- Must have experience working at pace within a complex operational environment / large organisation.
- One or more of the following security and architecture related certifications would be desirable: SANS / GIAC / CISSP / CISM / SABSA / TOGAF
- Experience at improving the maturity of security controls and their implementation is desirable.
- Competitive annual salary as well as a performance based annual bonus & an additional 'flexible allowance' to spend on additional benefits, topping up your pension, or to be added to your salary
- Hybrid & flexible working between your home, and our brand new Reading HQ office at Green Park.
- 28 days annual leave + 8 bank holidays + 3 personal days annually, which increases with length of service
- Private Medical Insurance, Life Assurance and Income Protection
- Free on-site car parking (including electric!)
Our people make us who we are. We're a diverse and inclusive bunch, and it's important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.
Project People is acting as an Employment Agency in relation to this vacancy.
IFS Product & Solutions Manager
Compliance Lead - Consumer Device Insurance
Programme Manager - Telecoms - ADC
Programme Manager - Telecoms - ADC
Employee Relations Specialist - 12 month FTC or Day Rate