Information Security Architect - City of London

IT/Information/Cyber Security
Ref: 179 Date Posted: Wednesday 10 Jul 2024
Title:                    Information Security Architect
Reference No:    2144
Company:           Financial Services
Location:             Can be based in UK, Ireland, Belgium, Luxembourg or Isle of Man
Reports to           Group CISO
Salary:                  £100,000
 
The Role
 
The Information Security Architect is a key role in ensuring appropriate security posture of the Group. You will join a growing information security team and take accountability for managing security architecture of the company and technical designs of IT solutions.  The Group of Companies operates across 10+ offices and data centre locations globally and is actively expanding into new territories.
 
Responsibilities
  • Provide requirements, support and control security stage gates to IT and business programmes and projects to ensure security is appropriately addressed. Act as a Technical Design Authority for security.
  • Provide a high level of security consultancy and engineering support for Windows/Azure/Linux security solutions including analysis and development of security solutions.
  • Provide architecture assurance on security initiatives and compliance of existing security standards
  • Contribute to the vision, strategy, and drive design and implementation for security platforms both on premises and in the cloud
  • Provide security consultancy and engineering support for security solutions.
  • Present current security risks and threats at technical and managerial levels.
  • Actively monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to key business initiatives and strategies.
  • Participate in Information Security Incident Response activities for the environment.
  • Monitor compliance with the organization's information security policies and procedures among employees, contractors and third parties.
  • Liaison with key stakeholders to create and enforce policy including business departments, IT, Legal, Internal Audit, and Compliance.
  • Lead the effort to ensure security compliance in accordance with regulatory security standards required by appropriate governing bodies.
  • Provide support to Security and other technical operations staff to ensure smooth turnover from Development to Production - and provide mentoring to junior level security professionals.
  • Develop and maintain documentation of all Security products including specific tools, technologies and processes.
  • Assist in M&A security due diligence activities – as needed.
 
Role Requirements
  • Minimum of 3 years experience in similar role, 5 years experience in Information Security
  • Experience implementing security risk control management frameworks – i.e. CIS/SANS20, NIST CSF, ISO27001/27002
  • Excellent understanding and experience of engineering Microsoft security solutions – including desktop and server operating systems, Active Directory, Group Policy, DNS, Messaging.
  • Experience managing IaaS, SaaS solutions and services using CI/CD pipelines. Jenkins, Terraform experience is a strong plus
  • Solid understanding of SAML, OIDC and Kerberos authentication and related technology controls and best practices.
  • Strong Experience with Office 365 security controls including usage of Azure Active Directory, Conditional Access, o365 logging APIs, Microsoft CAS, and Microsoft Authenticator.
  • Experience in Networks and Security monitoring, SIEM, Firewalls, Identity & Access management, Risk and Vulnerability Management, Incident management & response
  • Expertise in security tools such as email security solutions, web filtering, data leakage protection and intrusion detection systems;
  • Understanding and experience with implementing Data Loss Prevention (DLP) solutions, policies, and technologies.
  • Understanding of Azure Information Protection (AIP) and its components, including labelling, classification, and encryption.
  • Ability to develop and implement strategies to ensure compliance with industry and data protection regulations (such as BMA, MAS, EU financial sector regulations, DORA, GDPR).
  • Strong knowledge and experience in a variety of security technologies including: EDR, SIEM, Vulnerability Management.
  • Demonstratable and fundamental experience working within a cloud environment and cloud networks would be advantageous – e.g. Azure, AWS;
  • Ability to work independently and think proactively.
  • Good interpersonal, written and verbal communication and engagement skills with experience engaging own team,  all levels of employees and external partners;
  • Must have excellent organisational skills with attention to detail; be a self-starter and able to prioritize in a fast moving, high pressure, constantly changing environment; high sense of urgency
  • Be energetic, passionate with a positive attitude
  • Relevant security certification (CISSP, GCIA, CISM, CRISC, CEH etc.) and/or product certifications (Microsoft Security, Azure, Windows, AD etc.) a plus.