Title of Job: Information Systems Security Architect
Reports to: Chief Information Security Officer (CISO)
Division: Information Technology
Purpose of the Job:
A design and governance role for the Information Systems Security functional support line across Engie UK Services expected to drive security alignment throughout the business, ensure the proposed solutions are in line with security policy, standards, industry best practice, governance and compliance frameworks; ensure our business data and systems are designed to be secure; improve cost & business process efficiency; deliver added value and competitive advantage through innovation.
Acts as Design lead for all IT/cyber security projects throughout Energy Services
Ensures security architecture is consistent with other architecture elements and addresses internal and external security compliance requirements
Supports projects and programmes by creating high-level security designs and ensures detailed designs conform to security considerations
Engages with the business from the bidding phase through to delivery of the project on all matters of technical security and, when necessary, in issues relating to security governance
Define technical security standards and draft policies when required
Provide technical advice on implementation of security controls across corporate and business systems such as ISO 27001 and PCI DSS controls
Aid in the coordination of all information security, cyber security and IT architectural design and risk management for all IT services across the UK organisations facilities.
Critical to the success of this role will be to ensure that the following areas are covered:
Provides comprehensive IS assurance and compliance assessments, promotes industry best practice through design, controls, audits and reporting
Is engaged in advising on, acquiring and maintaining relevant security accreditations for the business e.g. ISO27001
Supports IS legal discovery and investigations e.g. searches related to fraud, employment dispute or other misconduct
Engages in cyber service design as part of new projects / mobilisations to ensure solutions are secure
Carries out IS monitoring e.g. network traffic analysis, looking for anomalies etc...
Verifies security systems by developing and implementing test scripts
Ensures security systems are up to date by monitoring security environment; identifying security gaps; evaluating and implementing enhancements
Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues; preparing cost estimates
Maintains security by ensuring compliance to standards, policies, and procedures; conducting incident response analyses; developing and conducting training programs
Assists Infrastructure and Operations with IS incident management e.g. response to virus attacks, denial of service, etc. and service recovery, including coordination with Group Security Operations Centre
Continually updates knowledge by tracking and understanding emerging security practices and standards; reading professional publications; participating in professional organizations (ISACA, ISC2, etc.)
Enhances IT Securitys reputation by accepting ownership of and accountability for new and time dependant requests; exploring opportunities to add value to job accomplishments and by planning delivery of solutions
Represent IT as the lead security architect to the technical architecture group
Identify and address security vulnerabilities within information assets, information processing systems and networking environment
Represent IT Security at the Change Control Board in the absence of CISO
Bachelor or Master degree in an in a Computer Science, Engineering or IT discipline, or equivalent through experience
CISSP (Certified Information Systems Security Professional) certification
Microsoft certification such as MCSA, MCSE
Cisco Certified CCNA, CCNP, CCSE, etc.
Certified Ethical Hacking (CEH)
Qualys Vulnerability Management
Checkpoint Certified CCSA, CCSE, etc.
Anti-Virus vendor certification from Symantec, McAfee, Sophos, TrendMicro, etc.
Industry recognised IT Architecture qualification (e.g. TOGAF)
ISO 27001 & PCI DSS Implementer/auditor certification
The job holder will have:
Hands-on experience in designing and implementing effective security solutions based on industry best practice, highly commercial, time-to-market conscious
Extensive current knowledge and experience of key security and data requirements and solutions, in particular Data retention, vulnerability threats (e.g. Cross-site Scripting, SQL Injection, etc.) encryption and PCI
A broad understanding of all stages of systems development and product delivery.
A background in network and application architecture covering different technology stacks, platforms and protocols
Ability to communicate effectively with people at a technical, functional, tactical and strategic level, involving presentations, documentation, meetings and negotiations
Corporate industry and professional standards
Product/Technology evaluation and selection.
Experience and understanding of security requirements to meet national governance standards (DPA, etc.)
Knowledge and Skills:
The job holder will have:
Strong technical background in information security within both IT infrastructure and development fields
Experience in working within recognised audit standards such as ISO27001 and SOC1
Good understanding of cloud platforms including account management, access control, security groups, network configuration, etc.
Good skill set in IT infrastructure security platforms such as networking, firewalls, IPS & IDS, AV
Good knowledge of encryption and encryption key management
Able to perform audits on corporate systems to assess technical vulnerabilities
Strong communicator with excellent written communication skills and the ability to communicate with all levels both internally and externally.
Strong analytical and organisational skills with the ability to work independently, as well and as part of a wider team, with minimal supervision.
Deadline driven with the ability to be flexible and adapt as required.
Ability to commit to travel.
Experience with MS Azure and Qualys is an advantage.
Information security certifications such as CISA, CISSP, CISM, CRISC, and ISO/IEC 27001 Lead Auditor.
Advertised through Zoek d471cb86507f4bb0913aec6719dcce660