Description
My client are seeking a Cyber Security Architect for an initial 6 month contract role, paying £550 per day (Umbrella).
Experience required for the role
- Cyber security experience
- Good architectural principals around security
- Close alignment to Microsoft security products
- Extensive IT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments.
- In-depth knowledge of risk assessment methods and technologies and proficiency in performing risk, business impact, control and vulnerability assessments.
- Experience in developing, documenting and maintaining security policies, processes, procedures and standards, assessment and specification of appropriate technology controls on basis of risk/threat.
Functional and Technical Skills
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is required.
- Formal training and experience in a relevant enterprise architecture methodology (for example, the Zachman Framework or TOGAF).
- Expert knowledge of security issues, techniques and implications across all existing computer platforms.
- Knowledge of a security-specific architecture methodology (for example, SABSA).
- Proven ability in security process and organizational design.
- In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
- Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
- Experience with common information security management frameworks, such as International Standards Organization (ISO) and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks
- Strong understanding of business applications, including enterprise resource planning (ERP) and financial systems
- Familiarity with relevant legal and regulatory requirements, such as the UK Data Protection Act
Key Accountabilities
- Works closely with enterprise architects, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
- Develops the business, information and technical artefacts that constitute the enterprise information security architecture and solutions.
- Serves as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
- Contributes to the alignment of security governance with EA governance and project and portfolio management (PPM)
- Researches, designs and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors.
- Contributes to the development and maintenance of the information security strategy.
- Evaluates and develops secure solutions, based on approved security architectures. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks.
- Communicates security risks and solutions to business partners and IT staff
- Manage the security architecture to support the implementation of policy, standards and other security requirements within the project
- Ensure protection of information using data-centric security approaches. Ensure alignment with system life cycle through security risk assessments and input into design and architecture.
- Provide expert guidance on security matters
- Represent the security function, model and requirements in project activities
- Recommend updates to the established security model
- Assist project members in the identification, specification, design and implementation of appropriate security controls
- Provide updates to the test plan
- Coordinate and assist on security testing, including third party penetration testing
- Perform risk assessments and threat models to derive control objectives
- Identify and escalate unaddressed risks and threats
- Provide updates on risks, threats and overall security status to Information Security management and other stakeholders
Applicants must be willing to engage via an Umbrella Company.