Senior Cyber Security Architect - Health Sector

Do you want to be at the heart of some of the most interesting and purposeful projects undertaken to support and protect our country’s Health & Social Care sector? We are proud of the impact we have with Health & Social Care clients, the strength of our relationships, and the variety of our skills and expertise that we bring to help them achieve their mission. We’re growing our teams across all of Technology & Transformation and are keen to expand our expertise in Health & Social Care. If you have an industry background or expertise in how the Health & Social Care sector works, we are very keen to hear from you.

A Security Architect operates as a senior member of the team, responsible for the design of technical security solutions, maintaining documentation, developing architecture patterns and approaches for new technologies and solutions. As a senior member of the team, the Security Architect also brings experience in managing and supporting people and helps others thrive in their careers. The Security Architect will lead technical engagements and bring together technical security SMEs such as Identity, Security Testing, and Privacy to solve business problems.

Your responsibility as a security architect will differ based on the focus of the client engagement and your skillset, but could include:

• Understand clients’ policies and security landscapes and create vision, principles, and architecture solutions.
• Articulate, communicate, and justify design decisions to non-technical stakeholders.
• Maintain relationships with senior technical and non-technical stakeholders.
• Learn new technical solutions from vendors and articulate how they solve client problems by providing the technical design to be adopted (Architecture Patterns).
• Collaborate with vendors and third-party partners to ensure the security of external systems and data exchanges.
• Provide specialist technical advice, recommended approaches, recommended security controls, and identify solutions that meet client business objectives.
• Develop and maintain security architectures, ensuring alignment with business goals, industry standards, established patterns, and regulatory requirements.
• Stay up to date with emerging security threats, technologies, and industry best practices, and provide recommendations for improvement.
• Conduct security audits and assessments to identify gaps and recommend remediation actions.
• Conduct risk assessments and scope vulnerability assessments to identify potential security threats and vulnerabilities.

Candidates will be able to demonstrate relevant knowledge and experience through a combination of qualifications and evidence of work history such as:

• Information Security qualification (or equivalent) e.g. CISSP.
• In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS, DSPT / CAF).
• Experience as a Security Architect or in a similar role, with a strong track record of designing and implementing security controls and/or solutions and leading technical teams.
• Experience with architecture methodology such as TOGAF or SABSA.
• Experience of threat and risk modeling.
• Strong understanding of network security, encryption, authentication, and access control mechanisms.
• Experience with security technologies such as firewalls, intrusion detection/prevention systems, security information and event management (SIEM) systems, and vulnerability assessment tools, and their configuration options.
• Familiarity with cloud security principles and best practices, including securing cloud-based infrastructure and services (AWS, Azure, or Google).
• Experience of DevSecOps.
• Experience of research in technology trends and ways to secure those technologies.
• Experience with automated deployment techniques and CI/CD pipelines.
• Experience working in or with Government organizations, especially within a Health and Social Care setting, including the handling of assets subject to the Government Security Classification Policy.
• Knowledge of Government cyber requirements, e.g. Secure by Design, JSP 440, CAF or equivalent.
• Experience with public sector procurement and a keen interest in business development.

At Deloitte, we understand the importance of balancing your career alongside your home life. That’s why we’ll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you’ll have the opportunity to work in your local office, virtual collaboration spaces, client sites, and remotely. You’ll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritize your wellbeing.

Making an impact is more than just what we do: it’s why we’re here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before. We want you. The true you. Your own strengths, perspective, and personality. So we’re nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution.