This job has expired

Information Security Architect Manager

Employer
BCT Resourcing
Location
Sheffield, South Yorkshire
Salary
Up to £62500 per annum
Closing date
30 Jul 2021

Job Title: Information Security Architect Manager

Location: Sheffield / London / Homeworking

Contract: Permanent

Salary & Benefits: Up to £62,500 per annum plus performance related bonus.

Purpose of the role:

The Information Security Architect Manager is responsible for leading and managing security assurance activities within the company, such as planning, implementing, and assisting with the review and assessment of solutions in line with policies and standards.

Main duties:

• Provide information security assurance across the business, ensuring controls are correctly designed and implemented in line with security standards and industry best practices

• Lead the delivery of information security work in coordination with Enterprise Architecture, Solution Delivery and Service Delivery Management and third-party suppliers

• Represent Information Security in the technical design authority committees, review and approve design documents such as option papers, High Level Design (HLD), Low Level Design (LLD) etc.

• Assist the Information Security team in devising Information Security Strategy

• Provide technical supervision and guidance from an information security standpoint to IT and business teams as and when required

• Assist with security risk assessments using formal risk methodologies as and when required.

• Assist in Information Security incidents as required, and where necessary, support Compliance and HR investigations into data breaches or systems misuse.

• Plan and support the company Information Security programme in line with agreed priorities, timescales, scope and budget

• Effectively communicate the role of security within the business, developing effective mechanisms to disseminate information to key stakeholders and act as the SME for Information Security related queries.

• Oversee penetration testing services and remediation activity

• Develop and manage risk remediation plans, evaluate security and privacy risks, balancing business drivers, best practices, and external drivers

• Create and maintain effective relationships with relevant business teams to facilitate effective communications and delivery.

• Design and deliver the Information Security assurance plan on an annual basis to confirm the ongoing effectiveness of security controls across the business

• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the function.

• Support the production of MI Reports, slide decks and communications as required by various stakeholders such as Operations teams, Board Risk Committees and Executive Committees etc.

Knowledge and experience

• Understanding of Security Assurance and the application of Security Frameworks, with good technical knowledge of network, infrastructure and application security

• Experience working in the IT Security team

• Analytical skills to analyse security requirements and relate them to appropriate security controls.

• Experience in performing risk assessment, IT audits, security planning, systems accreditation, policy and standards development;

• Experience in providing security assurance across various operating systems, virtualisation and containerisation platforms, networking and Cloud Architecture

• Demonstrable knowledge in delivering solutions around security concepts such as Zero Trust Architecture, Endpoint Device Management, Threat Modelling and DevSecOps

• Demonstrable experience delivering projects around themes of data migration, data loss prevention, data storage, process optimisation and automation

• Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies;

• Experience with various cloud services architectures such as Azure, AWS, Google, Salesforce

• Experience in process optimisation and automation.

• Good technical knowledge of network, infrastructure, and application security

• Sound knowledge of industry best practices such as OWASP, NIST and NCSC guidance

• Prior work experience in Financial Services sector (preferred but not essential);

• Good stakeholder management skills, with an ability to understand and communicate technical detail to a non-technical audience.

Qualifications:

Bachelor’s degree or equivalent experience in computer science, IT engineering, or related field (preferred but not essential)
