Information Security Architect - 120k

Based in London, my client is a prestigious professional services organisation boasting a workplace with cutting-edge people that is moving with the modern ways of working. Named as one of the leading professional services organisations places to work for three times in a row, the work environment attracts a seasoned professional who wants to be part of the best of breed.

Working as part of the wider Security Architecture, Engineering and Resilience team, the Information Security Architect is the responsible authority with the requisite knowledge to work across a wide variety of portfolios providing Information & Cyber Security domain expertise and skills to help provide strategic technical direction that can optimise enterprise outcomes. This role focuses on the implementation of Information and Cyber Security across multiple portfolios. It is a key role in delivering Information & Cyber Security transformation and helping to ensure that the end vision is being delivered in a secure and resilient way while focusing on the overall experience to the users.

Key Responsibilities

• Maintain a high-level holistic vision of Information Security within enterprise solutions and development initiatives.
• Build, contribute and maintain Information Security input to domain level roadmaps by demonstrating how they deliver the firm's core business capabilities in a secure manner and align to longer term strategic security and business roadmaps.
• Architect, design, build and run security services for the wider IT function including IoT, OT and IT (on-prem and cloud).
• Understand and communicate strategic Information Security themes and other key business drivers for architecture to solution architects and non-technical stakeholders.
• Contribute an Information and Cyber Security perspective to wider architectural initiatives in the portfolio where applicable.
• Attend and participate in Data Governance Board project proposal reviews for use of data to ensure appropriate security and data use.
• Influence Information & Cyber Security best practices with regards to common modelling, design and coding practices, working closely with our application development teams and technical leads to ensure security across the portfolio.
• Collect, generate and analyse innovative ideas and technologies that are applicable to the enterprise in this domain.
• Address Information Security innovation as part of the future of architecture.
• Synchronise the following across solutions whenever applicable: system, data security and quality; production infrastructure; solution user experience governance; scalability, performance and other non-functional requirements.
• Participate in Release Planning activities from an Information Security perspective.
• Work with aligned IT functions to assess security architectural requirements and engagement to fit demand.
• Keep in touch with the reality of the day-to-day Information Security architecture work, listening to the feedback and issues raised by the domain teams to consider and reflect in the roadmaps.

Your career experience so far

In order to perform this role, you will have at least 10 years IT experience, five years of which must be in either a senior engineering role or security architecture role working at senior level in a global organisation. You will have a comprehensive knowledge of all Information Security & Cyber Security domains. Your architecture or engineering experience must be clearly demonstrable and you will have worked as an architect and understand the requirements of architecture frameworks and Information & Cyber Security frameworks such as NIST, Cyber Essentials and ISO27001. Previous experience of working for a global professional service environment or corporate organisation such as legal/finance/banking is essential.

Solid understanding of multiple architecture and security tools, techniques and frameworks TOGAF, SABSA, BSIMM, NIST, ISO 27001 etc. Solid understanding of secure development principles for multiple delivery methods, Agile, Waterfall etc. Practical experience of Information Security Risk Management and Threat Management. The ability to champion Information Security Architecture principles at an enterprise level. Practical experience of working with Prince2, PMP, Lean & Agile delivery tools such as Agile Central (or other similar tools e.g. JIRA) is preferable. Experience of developing IT roadmaps for specific business or technology areas. Experience of working with multiple, diverse technologies and processing environments. Adaptability to adapt security architecture plans to a variety of rapidly changing environments. Ability to build information and system resilience into every architecture plan or system to meet business requirements. Ideally, an Information Security professional with both technical design and engineering expertise in a range of technologies as well as comprehensive knowledge set of Information & Cyber Security frameworks and principles. Fully conversant with the Microsoft suite of tools (E5, DFC, Sentinel, Entra, Defender for IoT). Should have exposure to Endpoint, Data Protection, Threat Intelligence and Application Security technologies. Experience in creating architecture design documents, including HLDs and LLDs. Exposure to data privacy standards and implementations. Extensive senior stakeholder management skills. Able to work on multiple projects simultaneously and manage their time effectively.

Written and Verbal Communications: Highly developed written and verbal communication skills, capable of producing global and sensitive communications to a varied audience at all levels in both Practice Areas and Business Services. Excellent verbal and interpersonal communications skills; some form of customer-facing interaction or consulting experience is a plus.

Qualifications: The ideal candidate will be Certified Information Systems Security Professional (CISSP) or qualified, preferably with either Certified Information Security Manager (CISM).