Lead Security Architect

Job Title: Lead Security Architect
Contract Type: Permanent
Location: City of London, London
Salary: £80000 - £95000 per annum
REF: 100956_1525114145
Contact Name: Alec Dewell
Contact Email:
Job Published: 9 months ago

Job Description

The role of the Lead Security Architect is the management of several Application and Cloud related Security Architecture projects. The Lead Security Architect will own the 3-year roadmap globally for the business and be seen as a subject matter expert on Application Security.

The Lead Security Architect may work across either the Enterprise, Technical, Data or Solutions Architecture disciplines. Focus is on Application & Database Security, Cryptography, Network Security and Information Security Architecture.

This is a chance for an experienced Lead Security Architect to join a well-known global insurance brand with a huge amount of investment across the entire IT estate. Some key projects include: cloud migration, a new underwriting platform and new web applications for claims management.

Lead Security Architect Responsibilities:

  • Work with the CIO, Product Managers, Portfolio Managers and Application Managers to ensure the architectural landscape is fully understood.
  • Defining and shaping the security roadmap with 1, 3 and 5yr plans where appropriate.
  • Providing ad-hoc reports, viewpoints and white papers to respond to management questions, project issues etc.
  • Working to integrate relevant teams (modelling, development, Ops etc.) and ensure that solution designs are aligned across the business.
  • Performing strategic design reviews at key points of the project lifecycle to identify any risks or capability gaps that need addressing.
  • Facilitating workshops with Technical and Business stakeholders to provide direction or drive issue resolution: providing analysis, distilling down to key decisions, and capturing next steps or a plan for issue resolution.

Lead Security Architect Skills:

  • Domain expertise in three or more areas:
    • Network Security (e.g. WAFs, Firewalls, Proxy, IDS/IPS, CASB)
    • Information Protection including classification, tagging, and Data Loss Protection
    • Identity & Access Management (incl. RBAC, recertification, federation, and MFA)
    • Malware detection
    • Endpoint security capability (e.g. posture check & isolation, device lockdown, etc.)
    • Cryptography (e.g. key & certificate management, hardware security modules, data encryption & rights management solutions)
    • Vulnerability management, risk management and threat intelligence
    • Application & Database Security (incl. SDLC, code scanning solutions, DB firewall & monitoring)
    • Security monitoring, correlation and operations
  • Be adept at identifying and addressing emerging domain trends and articulating considerations, impacts and future decisions.
  • Proven experience using Information Security Frameworks (e.g. ISF, NIST, ISO) and Architecture development methods (e.g. TOGAF).
  • Previous experience of seeing Security Architecture direction and decision making through to Design, Implementation and Run/Operations.

For more information get in touch with Alec Dewell on 0203 861 9134 or