Security Architect in England

Security Architect
£750 Charge per day
6 months
Remote with travel to Reading or Portsmouth

My client in the utilities industry are looking for a Security Architect to join their fast paced team on an initial 6 month contract role.

Details on the role-
A formal information security architecture process is one of the key enablers of a security programme. It is the planning process that provides the models, templates and principles that are used to design, implement and operate information security solutions. It enables consistency, leverage and reuse to satisfy the business requirements for security services in an optimum manner. The role of the information security architect demands business insight; technical acuity; and the ability to think, communicate and write at various levels of abstraction.

Skills / Experience

Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is required.
Formal training and experience in a relevant enterprise architecture methodology (for example, the Zachman Framework or TOGAF).
Knowledge of a security-specific architecture methodology (for example, SABSA).
Experience with common information security management frameworks, such as International Standards Organisation (ISO) and the IT Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (CobiT) and National Institute of Standards and Technology (NIST) frameworks
In-depth knowledge of risk assessment methods and technologies
Proficiency in performing risk, business impact, control and vulnerability assessments
Strong understanding of business applications, including enterprise resource planning (ERP) and financial systems
Familiarity with relevant legal and regulatory requirements, such as the UK Data Protection Act
Coaching and mentoring of more-junior technical staff will be required.
Strong conceptual thinking and communication skills - the ability to conceptualise complex business and technical requirements into comprehensible models and templates.
Ability to work well under minimal supervision.
Team-oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors and IT and business personnel.
Demonstrable written and verbal communication skills.
Ability to interact with company staff at all levels up to senior and across all business units and organisations, and to understand business imperatives
Strong leadership abilities, with the capability to develop and guide business, project and information security team members
A strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience and build long-term relationships
Assessment and specification of appropriate technology controls on basis of risk/threat
This is an expert/lead technical role. It defines the information security architecture and design for the enterprise.
This person works on multiple projects as a project leader or as the subject matter expert.
The role is involved in projects or issues of high complexity that require in-depth knowledge across multiple technical areas and business segments.
Strong analytical skills, to analyse security requirements and relate them to appropriate security controls

Key Accountabilities
Works closely with Lead Security architect, other functional area architects and security specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
Develops the business, information and technical artefacts that constitute the enterprise information security architecture and solutions.
Serves as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices.
Evaluates and develops secure solutions, based on approved security architectures. Analyses business impact and exposure, based on emerging security threats, vulnerabilities and risks.
Communicates security risks and solutions to business partners and IT staff
Manage the security architecture to support the implementation of policy, standards and other security requirements within the project
Ensure protection of information using data-centric security approaches. Ensure alignment with system life cycle through security risk assessments and input into design and architecture.
Provide expert guidance on security matters
Represent the security function, model and requirements in project activities
Recommend updates to the established security model
Assist project members in the identification, specification, design and implementation of appropriate security controls
Provide updates to the test plan
Coordinate and assist on security testing, including third party penetration testing
Perform risk assessments and threat models to derive control objectives
Identify and escalate unaddressed risks and threats
Provide updates on risks, threats and overall security status to Information Security management and other stakeholders

Experience
Strong combined IT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments.
Expert knowledge of security issues, techniques and implications across all existing computer platforms.
Proven ability in security process and organisational design.
In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans
Experience in developing, documenting and maintaining security policies, processes, procedures and standards
Understanding of energy/utility sector
Good understanding of risks and threats to UK energy sector, control systems, smart grid and metering, network, consumer technologies and customer data
Understanding of energy/utility sector

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.