Security Architect (Cyber Security)

The security architect is responsible for leading on the following activities and functions:

·       Develop and maintain a security architecture process that enables the enterprise to develop and implement security capabilities clearly aligned with business, technology and risks.

·       Develop security strategy plans and roadmaps based on sound architecture practices

·       A key member of the Design Authority Board and approver of technology architecture work.

·       Validates IT infrastructure including cloud systems and other reference architectures for security best practices, recommending changes to enhance security and reduce risk.

·       Validate security configurations and access to security infrastructure tools, including but not exclusively firewalls, IPSs, WAFs, EDR, endpoint security, security monitoring systems.

·       Review network segmentation and practices to ensure least privilege for access.

·       Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations.

·       Participate in application and infrastructure projects to provide security advice, acting as security design authority, ensuring systems are secure-by-design.

·       Draft security procedures and standards to be reviewed and approved by executive management and/or formally authorised by the CISO.

·       Determine baseline security configuration standards for operating systems (e.g., OS hardening), network segmentation, and identity and access management (IAM).

·       Develop standards, practices and procedures for data encryption and tokenisation in the organization, based on the organisation's data classification criteria.

·       Conduct or facilitate threat modeling of services and applications that tie to the risk and data associated with the service or application.

·       Coordinate with any DevOps teams to advocate secure coding practices, and to escalate concerns related to poor coding practices to the CISO.

·       Coordinate with the privacy officer to document data flows of sensitive information in the organization (e.g., PII) and recommend controls to ensure that this data is adequately secured and with privacy by design (e.g., encryption and tokenisation).

·       Liaise with the vendor management team and security compliance team when they conduct security assessments of existing and prospective vendors, especially those with which the organisation shares intellectual property (IP), as well as regulated or other protected data.

Key Relationships

Security architects are expected to advocate for security requirements and objectives across the business, not only IT, while ensuring that security architectures and practices do not impede the needs of the business. Specifically, the security architect will serve as a technical sounding board for the CISO’s interaction with other line-of-business areas in the organisation. The security architect will be expected to evaluate new services, vendors, applications and security tools, among other items, from a technical perspective, and to translate the risk characteristics of these activities and functions into pragmatic, business risk terms that the CISO can communicate to colleagues in the organisation.

 

Security and Technical Experience

·       Experience designing the deployment of applications and infrastructure into cloud services.

·       Strong experience with Identity frameworks, designing technologies, services and toolsets such as Okta, SailPoint, Beyond Trust, DigiCert.

·       Familiar with control frameworks such as ISO, NIST, CIS, Threat Modelling frameworks such as a MITRE, and being able to direct CVE mitigations.

·       Direct, hands-on experience or strong working knowledge of implementing / managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, EDR, web filtering, email filtering, Identity Management.

·       Experience and a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services.

·       Strong experience working with cloud infrastructure based on MS Azure, M365, Windows.

·       Knowledge of IT infrastructure, e.g.

·       Applications

·       Databases

·       Operating systems — Windows, Unix and Linux

·       Hypervisors

·       IP networks — WAN and LAN

·       Backup networks and media

What can we offer you?

·       Upto £80K

·       25 days holidays plus bank holidays, plus option to purchase additional leave

·       Generous pension scheme & Single medical insurance

·       Employee scholarship scheme

·       Benefits Central Platform hosting employee reward and recognition initiatives and health and wellbeing resources

·       Bravo Awards which recognise outstanding contributions from all employees and encourage excellence

More about us:

Chubb is a leading provider of fire safety and security solutions & services for customers worldwide. We have been protecting people and assets for over 200 years. Today, our 14,000 employees in 250 branches in 17 countries work to make the world safer, protect people and provide peace of mind. Our fire, security and monitoring services cover more than 1.3 million sites around the world.

 

We welcome applications from Security Architects live within a commutable distance of Blackburn, Manchester, Liverpool, Preston, Burnley or Ashford, Reading, Slough, Woking, Reading