Security Architect/Auditor

Job Description

Directly support the Lead System Security Architect and Security Compliance Lead.

Develop, review and implement security architectures and frameworks for IT systems, networks & applications, and OT environments.

Define and enforce security policies, procedures, and best practices.

Prepare and/or evaluate security requirements proposed for project or tender submissions.

Define and employ governance and risk management procedures and methodologies.

Define security roadmaps based on business and enterprise priorities.

Develop security surveillance strategies, frameworks, and procedures.

Develop security assessment surveys and maturity measurement methods.

Identify vulnerabilities and perform security risk assessments.

Evaluate and recommend security tools and technologies.

Coordinate and communicate GRC activities across the Group's subsidiaries.

Define and manage data gathering and reporting across the Group's subsidiaries.

Develop and maintain system security architecture and design standards / templates.

Maintain records of system architectural patterns and secure engineering solutions.

Work with the Cyber Security Architect to ensure all aspects of Cyber Security Operational capability are developing appropriately and to communicate threat intel across subsidiaries as required.

Work with the Security Compliance Lead to ensure all aspects of the GRC function are planned, implemented and applied effectively.

Requirements

Knowledge of Threat Modelling techniques such as Mitre ATT&CK, PASTA, STRIDE and Attack Trees.

Knowledge of Enterprise Architecture Frameworks such as TOGAF, DODAF, Zachman / SABSA, Gartner EA, Archimate.

Knowledge of Standards and Control Frameworks such as NIST 800-53 Rev.5, CIS Top 18, ISO27001/2, PCI-DSS & OWASP Top Ten.

Detailed experience with hybrid and cloud architecture / system design and implementation.

In-depth knowledge of zero trust principles, network security, cloud security, cryptography, and secure software development.

Practical experience in NIST CSF and CIS Controls assessment and implementation.

Demonstrable experience delivering detailed system security design and threat modelling.

Excellent written and verbal communication skills.

At least 2 years work experience as a System Security Architect.

Previous work experience in IT architecture and infrastructure.

Additional requirements

Certification: CISSP / OSCP / CEH / Security+

Microsoft Certified: Azure Security Engineer Associate

Microsoft Certified: Cybersecurity Architect Expert