Menu

G7 Lead Security Architect - 2 posts

Job details
Posting date: 24 March 2020
Salary: £55,646 to £62,861 per year, pro rata
Hours: Full time
Closing date: 13 April 2020
Location: Croydon, London
Company: Government Recruitment Service
Job type: Permanent
Job reference: 48123

Apply for this job

Summary

These critical roles are as security architect for the ‘National Law Enforcement Data Programme’ (NLEDP), which is a major Government IT Programme to deliver the future ‘Law Enforcement Data Service’ as part of the UK’s Critical National Infrastructure.

What you will do day to day

• Working in the Security Architecture function of the National Law Enforcement Data Programme you’ll help to provide the bridge between technology delivery and cyber security assurance to ensure the department can exploit the latest technologies in a manner that addresses its wider risk requirements

• Advise on security considerations, including preparing and reviewing assurance documentation for systems and services, applying the security principles and standards set down by the department, NCSC and Cabinet Office, in particular ensuring systems are ‘secure by design

• Promote and develop the reuse of agreed patterns and approaches and support the development of new variants. Recommend security controls and identify solutions that support a business objective

• Support the preparation and completion of high- and low-level designs

• Collaborate with colleagues across the cyber security team, assurers, accreditors and senior information risk owners to ensure that agreed designs are subject to end-to-end assurance

• Review the current environment to identify critical security deficiencies and identify fixes to be implemented in line with policies

• Keep up-to-date on developments in the security and technology industry to ensure that the technology landscape is kept secure in line with industry and government standards (e.g. Cyber Essentials. Cyber Defence controls and Cloud Principles as appropriate)

• Provide specialist advice and recommend approaches across teams and various stakeholders. This will include advising on key security related technologies and assessing the risk associated with proposed changes

• Inspire and influence others to execute security standards, policies and principles

Job description

You will be someone who:

• Effectively translates cyber risk analysis into standards, patterns and approaches to enable the safe exploitation of current and emerging technologies

• Manages stakeholders’ expectations and is flexible, pragmatic and able to reach consensus

• Designs secure system architectures through the application of patterns and principles, to meet user needs whilst managing risks

• Identifies security issues in system architectures

• Can make and guide effective decisions on risk, explaining clearly how decisions have been reached

• Advises on developments on security properties in technology

• Understands and communicates the impact of vulnerabilities on existing and future designs and systems

• Can demonstrate great partnership skills, in particular the ability to build effective partnerships and trust with peers across the technology organisation

• Has good communication skills, verbal and written, and a good understanding of the use of different channels and formats for different audiences

• Is technology-agnostic and possesses broad knowledge of a range of technologies

• Works with a diverse team across multiple locations

Who you will work with

• Cyber Security teams and programme delivery colleagues to identify, analyse and resolve security problems

• Senior information risk owners and assurers to advise on the security implications on system designs and architectures

• Members of the CSOC and CRT to support testing activity and ensure the secure operation of systems

• Fellow Security Architects within cyber security team and in project and programme teams to ensure the use of repeatable patterns and technologies where appropriate

• Commercial teams to support security vendor selection

• Technical Architects (including 3rd party suppliers) by providing security advisory services on solution options and designs for hardware, software, outsourced services and infrastructure

Responsibilities

Essential skills and experience

• The ability to demonstrate a deep understanding of security architecture principles and practices within complex environments and be able to apply security concepts at a technical level in an innovative way

• Experience of implementing ‘secure by design’ throughout the design lifecycle including the evaluation of the security of solutions and services using both manual and automated techniques

• An excellent knowledge of security tools and technologies at all aspects of a solution; including network, server, cloud and end-user-compute

• Experience of advising, guiding and influencing on cyber security architecture and cyber risk to senior business stakeholders and security advisors

• Working experience of ISO 27001, NIST, BS EN 31111 CoBIT, SOX and/or other Information Security Management frameworks including NCSC standards and guidance including experience of production and evaluation of assurance documentation

• One or more of the following qualifications CISA, CCSP CCP, CISSP, CISM, or CIA, or equivalent; it is desirable to be a CRTSA (Crest Registered Certified Technical Security Architect) or willing to work towards such

Apply for this job