- Posted 27 January 2024
- Location United Kingdom
- Job type Permanent
My client, a payments processing specialist, is seeking a Security Architect to join their team.
This is a permanent role and you will be required to travel to their London office on a weekly hybrid basis.
Essential Job Duties and Responsibilities:
- Develop responses to customer security requirements with engineering and business development teams for customer bids
- Develop my client's security response to customer variation requests and ensure customers understand the impact of their request on new and existing security risks.
- Produce the design and build / operations and maintenance budget requirements for customer bids and variation requests, and provide financial requirements for cyber resilience controls and security labour estimates in cost models for presentation to senior leadership.
- Develop assurance for security requirements to be implemented by DevOps, system engineers and other project team staff according to my client's cyber resilience engineering policies and customer needs, and ensure that these requirements are supportable and clearly documented.
- Develop all security risk assessments / business impact analyses / audits for new and existing business applications or IT infrastructure, and lead advice and guidance on the application and operation of physical, procedural and technical security controls within all engineering and IT solutions.
- Degree or equivalent qualifications/experience
- Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/CCSP/ ISA)
- Information privacy / data protection: CIPP/E and CIPM
- HMG IA qualifications / CLAS; CREST-registered penetration tester and/or security architect
- ITIL v3 / PRINCE2 foundation level / TOGAF
- Security and IT infrastructure/ networking vendors’ certifications
- Solid experience of taking a leading role in the establishment and implementation of security architecture, policies and procedures.
- Experience of secure development lifecycles (SDLC)
- Good understanding of enterprise-scale security management processes and infrastructure
- Exposure to current IT Security standards and regulations such as PCI-DSS, ISO 27001, SOX, DPA
- Exposure to enterprise IT infrastructure and tools (e.g. MS Windows Server, Cisco, Linux)
- Superior network infrastructure and protocol knowledge
- Experience of transactional revenue, embedded, smartcards and mobile payment systems
- Knowledge / experience of security architecture of major public cloud services e.g. Microsoft Azure, Amazon Web Services, Google Cloud, Cloud Access Service Brokers
- Knowledge of cryptographic services
- Knowledge of wider security, audit, risk and compliance standards e.g. PCI-P2PE, PCI-POI-PTS, ISO 27701, ISO27005, ISO31000, NIST, GDPR and governance/ risk/ compliance tools
- Requirements analysis and tracing tools such as DOORS and SD Elements; OneTrust privacy tool
- Understanding of security within DevOps and waterfall project methods, product development
- Experience of application security testing tools and DevOps frameworks, e.g. SonarQube, JIRA, static and dynamic code analysis / fuzzing
- Development tools / environments: Java, Visual Studio, C#
- In-depth understanding of information security control tools, e.g. Splunk, CrowdStrike, Trend Micro Deep Security, Imperva WAF, Tenable.io / Nessus, Tripwire, Cisco IPS, F5, Centrify
- Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402