About the role
Reporting to the Group CISO, the Information Security Architect is a key role in ensuring an appropriate security posture for the Group. You will join a growing information security team and take accountability for managing the security architecture of the company and the technical designs of IT solutions. The Group of Companies operates across 10+ offices and data centre locations globally and is actively expanding into new territories.
Responsibilities
- Provide requirements, support and control security stage gates to IT and business programmes and projects to ensure security is appropriately addressed. Act as a Technical Design Authority for security.
- Provide a high level of security consultancy and engineering support for Windows/Azure/Linux security solutions including analysis and development of security solutions.
- Provide architecture assurance on security initiatives and compliance with existing security standards.
- Contribute to the vision, strategy, and drive design and implementation for security platforms both on premises and in the cloud
- Provide security consultancy and engineering support for security solutions.
- Present current security risks and threats at technical and managerial levels.
- Actively monitor new and emerging security and privacy related technologies, trends, issues, and solutions and assess their applicability to key business initiatives and strategies.
- Participate in Information Security Incident Response activities for the environment.
- Monitor compliance with the organization's information security policies and procedures among employees, contractors and third parties.
- Liaise with key stakeholders to create and enforce policy, including business departments, IT, Legal, Internal Audit, and Compliance.
- Lead the effort to ensure security compliance in accordance with regulatory security standards required by appropriate governing bodies.
- Provide support to Security and other technical operations staff to ensure smooth turnover from Development to Production - and provide mentoring to junior level security professionals.
- Develop and maintain documentation of all Security products including specific tools, technologies and processes.
- Assist in M&A security due diligence activities - as needed.
Role Requirements
- Minimum of 3 years' experience in a similar role, 5 years' experience in Information Security
- Experience implementing security risk control management frameworks - i.e. CIS/SANS20, NIST CSF, ISO27001/27002
- Excellent understanding and experience of engineering Microsoft security solutions - including desktop and server operating systems, Active Directory, Group Policy, DNS, Messaging.
- Experience managing IaaS, SaaS solutions and services using CI/CD pipelines. Jenkins, Terraform experience is a strong plus
- Solid understanding of SAML, OIDC and Kerberos authentication and related technology controls and best practices.
- Strong experience with Office 365 security controls including usage of Azure Active Directory, Conditional Access, o365 logging APIs, Microsoft CAS, and Microsoft Authenticator.
- Experience in Networks and Security monitoring, SIEM, Firewalls, Identity & Access management, Risk and Vulnerability Management, Incident management & response
- Expertise in security tools such as email security solutions, web filtering, data leakage protection and intrusion detection systems;
- Understanding and experience with implementing Data Loss Prevention (DLP) solutions, policies, and technologies.
- Understanding of Azure Information Protection (AIP) and its components, including labelling, classification, and encryption.
- Ability to develop and implement strategies to ensure compliance with industry and data protection regulations (such as BMA, MAS, EU financial sector regulations, DORA, GDPR).
- Strong knowledge and experience in a variety of security technologies including: EDR, SIEM, Vulnerability Management.
- Demonstrable and fundamental experience working within a cloud environment and cloud networks would be advantageous - e.g. Azure, AWS;
- Ability to work independently and think proactively.
- Good interpersonal, written and verbal communication and engagement skills with experience engaging own team, all levels of employees and external partners;
- Must have excellent organisational skills with attention to detail; be a self-starter and able to prioritize in a fast-moving, high-pressure, constantly changing environment; high sense of urgency
- Be energetic, passionate with a positive attitude
- Relevant security certification (CISSP, GCIA, CISM, CRISC, CEH etc.) and/or product certifications (Microsoft Security, Azure, Windows, AD etc.) a plus.
GCS is acting as an Employment Business in relation to this vacancy.