The role
You will be responsible for maintaining a vision, strategy, and program to ensure our customer's information assets, developed products and technologies are adequately protected. The Security Architect will work on identifying, developing and implementing strategies, processes and procedures across the business to reduce our customers’ information and information technology risks. The Security Architect's influence reaches the entire business.
Key responsibilities
- Consulting with customers for security-related products and services including pre-sales for security services where required
- Deliver a range of security consulting services to customers across technical, organisational and governance domains.
- Clearly articulate and document delivery requirements to other security consultants or architects as required, providing effective handovers to ensure successful outcomes and smooth transitions into support.
- Liaise regularly with the Managed Services team to understand any day-to-day operational challenges and mitigate their impact, where possible, in future services and solutions
- Assist with new product onboarding if required
- Develop and implement information security policies and processes with customers and within their business as directed
- Work with 3rd parties to ensure security policies are implemented and develop appropriate reporting and metrics
- Take a risk-based approach to the continual measurement and enhancement of the security landscape
- Work with the wider IT team to raise the level of information security awareness and compliance with security policies with practical initiatives
Skills and experience
- Enthusiasm for cyber security
- A logical thinker and creative problem solver
- Deep understanding of information security principles
- Appropriate information security qualification (CISM or CISSP)
- Excellent knowledge of security-related legal and regulatory requirements
- Excellent written and verbal communication skills
- Web security experience
- Ability to build strong internal and external stakeholder relationships
- Able to explain information security concepts and risks in terms non-technical people will understand
Product delivery
- Cyber Security Maturity Assessment
- Data Classification Assessment
- A broad range of ad-hoc security consulting and delivery work