Security Architect (Application Migration) in England

A part of our business is separating away from the group and we need a Security Architect to migrate a large number of Applications.

Job Purpose: The Security Architect is responsible for ensuring robust security solutions protecting our Service's sensitive data and IT infrastructure. This role involves contributing and reviewing designs, conducting risk assessments, developing security policies, and ensuring compliance with industry regulations.

Responsibilities:

• Information Security: Lead in detecting and analysing security incidents including attacks, breaches, and identified vulnerabilities and remediate any security gaps in line with the security incident management procedure.
• Information and Business Advice: Provide specialist advice on the interpretation and application of policies and procedures, resolving complex or contentious queries and issues and enabling others to take appropriate actions.
• Stakeholder Management: Plan and deliver stakeholder engagement activities to develop effective project working relationships and to ensure that stakeholder needs and concerns are identified and met.
• Enterprise Architecture: Create/manage architecture storyboards/viewpoints that articulate business requirements.
• Analysis of 'As Is' and 'To Be': Document 'as is' and 'to be' processes and describe the changes required to migrate to the 'to be' capability to record accurately the change required.
• Horizon Scanning: Explore and develop a detailed understanding of external developments or emerging issues and evaluate their potential impact on, or usefulness to, the organisation.
• Organisational Risk Management: Ensure the organization is not exposed to undue risks by using risk management systems to achieve specific goals within a designated area of the business.
• Operational Compliance: Monitor and review performance and behaviours within area of responsibility to identify and resolve non-compliance with the organisation's policies and relevant regulatory codes and codes of conduct.
• Policies and Procedures Development: Draft policies, procedures, and related guidelines within an area of expertise to meet defined key principles and ensure compliance with external requirements.
• Personal Capability Building: Act as subject matter expert in an area of technology, policy, regulation, or operational management for the team. Maintain external accreditations and in-depth understanding of current and emerging external regulation and industry best practices through continuing professional development, attending conferences, and reading specialist media.

Behaviours:

• Manages Complexity: Makes sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
• Optimises Work Processes: Knows the most effective and efficient processes to get things done, with a focus on continuous improvement.
• Cultivates Innovation: Creates new and better ways for the organisation to be successful.
• Business Insight: Applies knowledge of business and the marketplace to advance the organisation's goals.
• Ensures Accountability: Holds self and others accountable to meet commitments.
• Action Oriented: Takes on new opportunities and tough challenges with a sense of urgency, high energy, and enthusiasm.
• Balances Stakeholders: Anticipates and balances the needs of multiple stakeholders.
• Communicates Effectively: Develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences.
• Situational Adaptability: Adapts approach and demeanor in real time to match the shifting demands of different situations.

Skills:

• IT security: Uses comprehensive knowledge and skills to act independently while guiding and training others on maintaining the security, integrity, compliance and continuity of IT systems and services.
• Architecture: Uses comprehensive knowledge and skills to act independently while guiding and training others on designing architectures that meet system and service requirements.
• IT Implementation and integration: Works without supervision and provides technical guidance when required on implementing, configuring and optimising IT systems and services, while ensuring smooth integration with existing IT infrastructure.
• Business Requirements Analysis: Uses comprehensive knowledge and skills to act independently while guiding and training others on analysing the business requirements that IT solutions must meet.
• Analyse Current State/AS-IS State: Works with full competence to understand business context, needs, rules, and architecture, as well as organizational structure, cultures, capabilities, and processes to document the current state of processes and the business.
• Define Future State/TO-BE State: Works with full competence to envision and document the future state of processes and products by identifying the solution scope, potential value of the future state, and the changes to the process, products, organisation infrastructure, capabilities, and technology necessary to achieve the desired future state.
• Policy and Regulation: Works independently and provides guidance and training to others while interpreting and applying comprehensive knowledge of laws, regulations and policies in area of expertise.
• Compliance Management: Uses comprehensive knowledge and skills to act independently while guiding and training others on achieving full compliance with applicable rules and regulations in management and/or operations.
• Risk Management: Identifies, assesses, prioritises and manages risks without supervision and provides technical guidance when required.
• Stakeholder Expectation Management: Works with full competence to identify potential stakeholders, analyse their expectations, and develop strategies for managing stakeholders and their expectations.

Experience:

• Experience with security related software and systems such as SIEM.
• Knowledge of Security Architecture Frameworks such as SABSA or equivalent.
• Knowledge of Cyber Security Frameworks such as NIST, ISO 27001 or equivalent.
• Some experience of agile working e.g. SAFe.
• Managerial Experience.
• Experience of general supervision of more junior colleagues.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.