IT Security Architect - Maidenhead

Maidenhead, Berkshire
Competitive
18 Sep 2019
16 Oct 2019
Full Time

Job Purpose

The IT Security Architect will define and own the security architecture design and support implementation of the solution that satisfies business requirements, whilst ensuring that it is aligned with technology strategies and complies with Enterprise Architecture and Information Security principles and guidelines.

They will define, own and maintain security architecture principles, standards and guidelines and provide governance for security solution designs across all projects in Rank. The IT Security Architect will cover all security aspects in core technology areas such as data, networking, infrastructure, software development, mobile and cloud platforms and work with various stakeholders within IT, business and third parties.

Main Accountabilities and Responsibilities

  • Develop, own and maintain security architecture artefacts such as models, patterns, templates, standards, guidelines and principles, that can be used to leverage security capabilities across projects and operations.
  • Design and implement security elements for bespoke technology solutions by working with stakeholders across business, architecture, security, engineering, data and infrastructure teams and third-party vendors.
  • Develop and maintain security architecture processes that enable the company to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers.
  • Track developments of threats and changes in the digital and retail environments to ensure that these are adequately addressed in security strategy plans and architecture artefacts and incorporated into Rank’s technology platforms.
  • Design and build controls to address security risks and events as identified.
  • Ensure company core technology initiatives are designed and built with the correct levels of security and compliance.
  • Define non-functional requirements for security and ensure that the solutions fulfill security requirements across all projects.
  • Review security technologies, tools and services, and make recommendations for their use based on security, financial and operational metrics.
  • Define solutions and processes for cyber security, threat modelling, SOC, encryption, privacy, vulnerability management and security testing by working with the IT security team.
  • Create and maintain security architecture documentation and own key architecture decisions.
  • Engage with IT and business stakeholders to understand the requirements so that business goals can be achieved securely, and ensure that any risks involved are clearly communicated, well understood by stakeholders and documented in the risk register.
  • Make risk/value assessments and propose a range of appropriate solutions ensuring alignment with strategic direction, following recognized industry best practices and utilizing the latest technology.
  • Contribute to the continuous improvement of Enterprise Architecture practice within Rank.

Knowledge, Expertise and Qualification

  • Strong experience of defining security architectures and roadmaps and delivering solutions within medium to large sized organisations.
  • Hands-on implementation experience with CDN, PKI, OAuth 2.0, OpenID Connect, XACML and/or SCIM.
  • Strong experience in threat modelling, cyber security, vulnerability management and security testing.
  • Experience of implementing security features in cloud (Azure) and on-premise solutions and understanding of emerging security technologies for mobile and cloud.
  • Strong implementation experience of a wide range of security products such as access audit tools, IDS, IPS, DLP, firewalls, endpoint security, encryption, proxies, DDoS protection, etc.
  • Experience of engaging with stakeholders and helping them to understand security and risk profile.
  • Experience with relevant legal and regulatory requirements, such as the EU’s GDPR, the UK Data Protection Act, the Computer Misuse Act, Payment Card Industry/Data Security Standard and ISO27001 (which covers the majority of the UKGC and AGCC gambling commissions licensing requirements).
  • Experience of working with common information technology management / compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST.
  • Computer science degree or equivalent.
  • Certification in TOGAF / Zachman / other Architectural or Security frameworks preferred.
  • Good understanding of current application development, project management, DevOps and service delivery methodologies.

Personal Qualities

  • Ability to balance the “big picture” with short-term implications of individual decisions.
  • Ability to translate business needs into multiple technology solution options.
  • Strong conceptual thinker, able to generate and communicate an abstract perspective from a complex set of facts.
  • Great communicator and relationship builder. Able to communicate technical considerations clearly and concisely in terms that are relevant to the audience.
  • Develops communication strategies and has significant persuasion skills to influence at all levels of the organization.
  • Resolves conflicts and manages divergent audience perspectives.
  • Diligent, dependable with a high degree of integrity.
  • Promotes knowledge and skills sharing within the team.
  • Ability to plan managed transitions between multiple interim