ROLES AND RESPONSIBILITIES
- Act as the Lead Security Architect to the Cyber Security Programme working across multiple projects/workstreams.
- Work alongside the Manager of Global Security Architecture to support defining objectives for each workstream and translate those business objectives into a project scope.
- Define technical, security and process requirements required for various work streams/projects.
- Attend regular project management meetings with cyber security engineers and business stakeholders as and when required, for projects you’re acting as a lead on.
- Work closely with the Cyber Security Team to align the overall security goals & objectives of the program with the overall cyber security, technology and business strategy.
- Work closely with the Security Architecture & Engineering team to support the program with designing the overall security architecture, ensuring appropriate solutions are selected to mitigate threats and fit with the overall security architecture across the organisation.
- Ensure processes or solutions designed, balance business requirements with technology and cyber security requirements.
- Act as a lead on the Cyber Hygiene workstream – PAM, Sophos XDR and Application Security, working closely with the Programme Delivery team and Security Architecture team to ensure delivery deadlines are met.
- Provide support and mentoring to the Cyber Security Engineers where required to support project delivery.
- Work with stakeholders and the architecture team to identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
- A degree in Information Technology, Computer Science or Cyber Security related fields is highly desirable.
- Familiarity with security standards, governance & controls – NIST, CIS, ISO27K family, CSA, OWASP etc.
- Experience across the spectrum of Security Architecture and Governance domains.
- Excellent knowledge on PAM, IAM, and secure device configuration and hardening, making use of CIS benchmarks.
- Experience of supporting an organisation shift to a DevSecOps model, from a DevOps model.
- Good knowledge and understanding of SSDLC processes and integrating security tooling into the development pipeline.
- Past experience of having led the implementation of security solutions such as PAM, EDR/XDR and AppSec tools (SAST, SCA, IAC), SIEM (Splunk) etc.
- Hands-on experience and strong understanding of information technology and enterprise security as a whole.
- Demonstrable experience in the production of technical design documentation, working within a multi-disciplined, multi-supplier environment, planning, and delivering quality results within agreed timescales.
- Excellent written and verbal communication skills as well as business acumen and a commercial outlook.
- Hands on experience of Sophos, Splunk, CIS Benchmarks, Snyk, Rapid 7, Okta, Active Directory and Linux are hugely beneficial.
- Knowledge and understanding of Kubernetes and containers is desirable.
- Strong leadership, project and team-building skills, including the ability to lead teams and drive projects and initiatives across multiple teams.
- Demonstrated ability to identify risks and issues associated within project workstreams and processes and escalate this as and when required.
- The ability to be a cloud and enterprise security subject matter expert who can explain technical topics to those without a technical background.
- Previous experience in a similar role of Technical PM or PM/BA is advantageous
- Security qualifications such as TOGAF, SABSA, CISSP, CCSP, CISA, CISM are desirable.
Levy Associates Limited is acting as an Employment Business in relation to this vacancy.