Information Security Architect

Noord-Holland  ‐ Onsite
This project has been archived and is not accepting more applications.
Browse open projects on our job board.

Description

For a client in the area of Amsterdam Harvey Nash is looking for an Information Security Architect

Start: ASAP

Duration: 3-6 months

Purpose of the role:

Security, Risk & Compliance

The Information Security Architect will design and maintain the Global IT Security Architecture, based on the ISO27001 control framework, the information security policies and standards; and the Enterprise Architecture governance framework.

The Information Security Architect will be the liaison between the Global Information Security team and the Enterprise Architecture team ensuring effective risk management to ensure that appropriate/effective information security controls are implemented in any new solutions.

The Information Security Architect will shape and ensure projects delivering architecture components remain compliant throughout the plan, design and build. The Information Security Architecture will be responsible for agreement and the subsequent issuing of waivers to projects for exceptions to governance principles, standards and policies. The Information Security Architecture will be responsible for the acceptance of new technologies and/or standards into the application and infrastructure portfolios. The Information Security Architect will work with the information security community and Compliance Team, including Risk Management and Express Audit functions to ensure alignment at group level.

Key activities:

The Security Architect is responsible for developing and maintaining the Information Security Management System (ISMS), ensuring that appropriate information security controls are in place and effective.

This role has the following responsibilities:

Researching future technologies and providing guidance for adoption of information security controls in projects and the design/adoption of systems.

Provide choice and guidance on web technologies, including the relative security of the available options.

Consulting and guidance on authentication and encryption.

Leadership and oversight of Enterprise Architecture (EA) information security, setting high level strategy, policy and controls.

The management of and provision of expert advice on, the selection, design, justification, implementation and operation of EA information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.

The independent, risk-based assessment of the adequacy and integrity of controls in information processing systems, including hardware, software solutions, information management systems, security systems and tools, communications technologies (web-based and physical).

The independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, such as ISO 27001, local standards, best practice, or other documented requirements. May relate to, for example, asset management, network security tools, Firewalls and Internet security, Real Time systems and application design.

Essential Education:

Educated to at least bachelor degree level in a relevant IT-related subject

Preferred Experience and Knowledge:

Minimum 3 years experience in an information security architecture role within a large/complex organisation with knowledge of technologies, processes, and concepts such as symmetric and asymmetric cryptography, IPSec, TLS, Authentication and Authorisation.

3-5 years experience in security aspects of Cloud-Based solutions and application controls and defenses.

Experience with industry standard authentication and authorisation approaches including SAML and OAuth. Specific experience with attribute based (ABAC) and/or role based (RBAC) access models and experience of implementing an Identity and Access Management system.

Expertise in security related Internet protocols (IPSec, SSL/TLS) and familiarity with common Internet protocols (IP, TCP, UDP, RTP, DNS, HTTP, SIP).

Fluent and familiar with all phases of product life cycle from definition, design, development and test to deployment, field support and end of life.

Good understanding and experience in the use of The Open Group Architecture Framework (TOGAF).

Experience working across IT functions, consulting and influencing to ensure delivery of information security related controls within complex projects.

Sound, wide business knowledge and an understanding of current and emerging information technologies and their level of maturity and stability.

Has extensive technical understanding and the aptitude to remain up to date with IT security and developments

Necessary Technical/Functional Skills:

Effective and persuasive communicator. Excellent written communication skills, able to produce high quality technical and non-technical documentation. Educated to at least Bachelor level in a related subject. Can describe complex technical requirements in understandable manner. Has a quality outlook on delivery. Can clearly articulate the various standards and methodologies used in delivery of architectures (COBIT, TOGAF, SABSA).

Fully competent in Microsoft Office products.

Experience of protocols such as XACML, SAML, WS-Security, etc.

Familiarity with the Jericho Forum's Identity, Entitlement & Access Management (IdEA) principles and the work of the Global Identity Foundation.

Familiarity with the Unified Modelling Language (UML).

Familiarity with protocols such as XACML, SAML and WS

Fixed Competencies:

Champions Development

Realises Performance Through Others

Drives Strategic Change and Innovation

Understand Customers and Markets

Demonstrates Business Ethics

Engages and Inspires Others

Start date
ASAP
Duration
3-6 months
From
Harvey Nash IT Recruitment Netherlands
Published at
25.11.2015
Project ID:
1026167
Contract type
Freelance
To apply to this project you must log in.
Register