The role of the Lead Security Architect is the management of several Application- and Cloud-related Security Architecture projects. The Lead Security Architect will own the 3-year roadmap globally for the business and be seen as a subject matter expert on Application Security.
The Lead Security Architect may work across either the Enterprise, Technical, Data or Solutions Architecture disciplines. Focus is on Application & Database Security, Cryptography, Network Security and Information Security Architecture.
This is a chance for an experienced Lead Security Architect professional to join a well-known global insurance brand with a huge amount of investment across the entire IT estate. Some key projects include cloud migration, a new underwriting platform and new web applications for claims management.
Lead Security Architect Responsibilities:
- Work with CIO, Product Managers, Portfolio Managers and Application Managers to ensure the architectural landscape is fully understood.
- Defining and shaping the security roadmap with 1, 3 and 5-year plans where appropriate.
- Providing ad-hoc reports, viewpoints and white papers to respond to management questions, project issues etc.
- Working to integrate relevant teams (modelling, development, Ops etc.) and ensure that solution designs are aligned across the business.
- Performing strategic design reviews at key points of the project lifecycle to identify any risks or capability gaps that need addressing.
- Facilitating workshops with Technical and Business stakeholders to provide direction or drive issue resolution: providing analysis, distilling down to key decisions, and capturing next steps or a plan for issue resolution.
Lead Security Architect Skills:
- Domain expertise in three or more areas:
  - Network Security (e.g. WAFs, Firewalls, Proxy, IDS/IPS, CASB)
  - Information Protection including classification, tagging, and Data Loss Protection
  - Identity & Access Management (incl. RBAC, recertification, federation, and MFA)
  - Malware detection
  - Endpoint security capability (e.g. posture check & isolation, device lockdown, etc.)
  - Cryptography (e.g. key & certificate management, hardware security modules, data encryption & rights management solutions)
  - Vulnerability management, risk management and threat intelligence
  - Application & Database Security (incl. SDLC, code scanning solutions, DB firewall & monitoring)
  - Security monitoring, correlation and operations
- Be adept at identifying and addressing emerging domain trends and articulating considerations, impacts and future decisions
- Proven experience using Information Security Frameworks (e.g. ISF, NIST, ISO) and use of Architecture development methods (e.g. TOGAF)
- Previous experience of seeing Security Architecture direction and decision making through to Design, Implementation and Run/Operations.
For more information get in touch with Alec Dewell on 0203 861 9134 or firstname.lastname@example.org