An exciting and rewarding open position for an experienced Security Architect. This international media firm is looking to on-board a versatile Security Architect to join their Cyber program on a hybrid working basis (2 DAYS A WEEK MINIMUM) at their London HQ.
This contract is scheduled to run for 6 months with the likelihood of an extension, accompanied by a daily rate outside IR-35. My client is looking for Architects well-versed with working across technology infrastructure. Previous experience in the media sector is preferable.
Familiarity with security standards, governance & controls – NIST, CIS, ISO27K family, CSA, OWASP etc.
Experience across the spectrum of Security Architecture and Governance domains.
Excellent knowledge on PAM, IAM, and secure device configuration and hardening, making use of CIS benchmarks.
Experience of supporting an organisation shift to a DevSecOps model, from a DevOps model.
Good knowledge and understanding of SSDLC processes and integrating security tooling into the development pipeline.
Past experience of having led the implementation of security solutions such as PAM, EDR/XDR and AppSec tools (SAST, SCA, IAC), SIEM (Splunk) etc.
Hands-on experience and strong understanding of information technology and enterprise security as a whole.
Demonstrable experience in the production of technical design documentation, working within a multi-disciplined, multi-supplier environment, planning, and delivering quality results within agreed timescales.
Excellent written and verbal communication skills as well as business acumen and a commercial outlook.
Hands on experience of Sophos, Splunk, CIS Benchmarks, Snyk, Rapid 7, Okta, Active Directory and Linux are hugely beneficial.
Knowledge and understanding of Kubernetes and containers is desirable.
Demonstrated ability to identify risks and issues associated within project workstreams and processes and escalate this as and when required.
The ability to be a cloud and enterprise security subject matter expert who can explain technical topics to those without a technical background.
Previous experience in a similar role of Technical PM or PM/BA is advantageous
Security qualifications such as TOGAF, SABSA, CISSP, CCSP, CISA, CISM are desirable.
Act as the Lead Security Architect to the Cyber Security Programme working across multiple projects/workstreams.
Work alongside the Manager of Global Security Architecture to support defining objectives for each workstream and translate those business objectives into a project scope.
Define technical, security and process requirements required for various work streams/projects.
Attend regular project management meetings with cyber security engineers and business stakeholders as and when required, for projects you’re acting as a lead on.
Work closely with the Cyber Security Team to align the overall security goals & objectives of the program with the overall cyber security, technology and business strategy.
Work closely with the Security Architecture & Engineering team to support the program with designing the overall security architecture, ensuring appropriate solutions are selected to mitigate threats and fit with the overall security architecture across the organisation.
Ensure processes or solutions designed, balance business requirements with technology and cyber security requirements.
Act as a lead on the Cyber Hygiene workstream – PAM, Sophos XDR and Application Security, working closely with the Programme Delivery team and Security Architecture team to ensure delivery deadlines are met.
Provide support and mentoring to the Cyber Security Engineers where required to support project delivery.
Work with stakeholders and the architecture team to identify security design gaps in existing and proposed architectures and recommend changes or enhancements.