Lead System Security Architect

Job Description

• Directly support the CISO.

• Lead and manage GRC personnel as required.

• Develop, review and implement security architectures and frameworks for IT systems, networks, applications and OT.

• Evaluate or prepare security requirements proposed for project or tender submissions.

• Develop security surveillance strategies, frameworks, and procedures.

• Develop security assessment surveys and maturity measurement methods.

• Identify vulnerabilities and perform security risk assessments.

• Define and enforce security policies, procedures, and best practices.

• Define governance and risk management procedures and methodologies.

• Define security roadmaps based on business and enterprise priorities.

• Evaluate and recommend security tools and technologies.

• Coordinate and communicate GRC activities across the Group's subsidiaries.

• Define and manage data gathering and reporting across the Group's subsidiaries.

• Develop and maintain system security architecture and design standards / templates.

• Maintain records of system architectural patterns and secure engineering solutions.

• Work with the Security Compliance Lead to ensure all aspects of the GRC function are planned, implemented and applied effectively.

• Work with the Security Risk & Compliance Manager to maintain and present a consistently accurate assessment of enterprise risk.

• Work with the Cyber Security Architect / Auditor to ensure all aspects of Cyber Security Operational capability are developing appropriately and to communicate threat intel across subsidiaries as required.

Requirements

• In-depth knowledge of Mitre ATT&CK Tactics and Techniques and OWASP Top Ten.

• In-depth work experience in hybrid and cloud architecture / system design and implementation.

• In-depth knowledge of zero trust principles, network security, cloud security, cryptography, and secure software development.

• Practical experience in NIST CSF and CIS Controls assessment and implementation.

• Demonstrable experience delivering detailed system security design and threat modelling.

• Project and/or programme management and support experience.

• Excellent documentation and writing skills.

• Excellent communications skills.

• At least 5 years work experience as a System Security Architect.

• Previous work experience in IT architecture and infrastructure.

• BSc in Computer Science, Computer Engineering or equivalent.