IT Risk and Security Architect

Our Automotive client is recruiting for an IT Risk and Security Architect to work on a permanent basis (based 5 days in the London office)
 
The IT Risk and Security Architect will help to establish and maintain a risk management framework aligned with NIST/IRAM2, in addition to this performing threat and risk assessments, create high level/low level security architecture designs and assist the IT security manager with the realisation of the information security roadmap.

 

Responsibilities include (but are not limited to):

Risk Management

• Responsible for establishing and maintaining a risk management framework that is aligned with NIST, IRAM2, ISO and GDPR.
• Maintaining the information security risk register. Lead the migration of Risk Register from excel spreadsheets to a dedicated risk management platform (Acuity Stream).
• Ensuring risks are monitored and reported, while mitigation plans are proposed and followed up.
• Consulting with senior technology and business leaders regarding information security risks and their role in minimising exposure to those risks.
• Leading internal information security risk audits including, but not limited to, ISO27001 and ISO22301.
• Helping to design and implement a robust third-party assurance framework that enables the business to gain oversight of risks across the ecosystem.
• Actively participate on the IT Change Board meetings as one of the approvers.

Security Architecture

• Performing threat and risk assessments, working closely with the enterprise architect to ensure the digital solutions adhere to security architecture and privacy best practices.
• Creating high-level/low level security architecture designs
• Auditing the security architecture of the existing information systems.
• Define the security requirements in compliance with standards and regulations.
• Assisting with the identification and triage of information security threats and helping to manage the response to security breaches.

Security Operations

• Assisting with the implementation and on-going management of information security solutions 
• Supporting the development of information security policies and processes.
• Supporting the activities required to achieve ISO 27001 certification.
• Performing technical security assessments using tools such as Kali, Nessus and Burpsuite.

Relationship Management

• Establish and maintain effective relationships and governance arrangements with senior stakeholders.
• Provide effective independent escalation and reporting of any security issues, risks and deficiencies to the IT security Manager and the IT teams
• Actively participate in the Global Security Team.

 

Requirements  

• 5+ years information security operations experience in a medium/large multinational organisation on a similar role.
• Professional IT/security qualifications (CISSP,CRISC, CISM, CISA,GSEC) or equivalent professional certification.
• Relevant architectural experience, including an understanding of NIST, SABSA, TOGAF or equivalent frameworks.
• Experience with Cloud Platforms, Azure DevOps, Active Directory, Windows and Linux servers, SQL Server, Firewalls, WAFs, End Point Security, Virtualization Technologies, Mobile Device Management, VPN.
• Excellent knowledge of information security risk management frameworks and compliance practices.
• Knowledge of NIST CSF and 800-53, ISO 2700X, SOC2 security frameworks.
• Ability to assess information system processes and processing technologies for threats, vulnerabilities and risks.
• Ability to express technical information security issues in business terms.
• Resilient, with the ability to challenge senior stakeholders on information security issues.
• Ability to challenge/negotiate with third-party vendors on information security issues
• Ability to develop security standards and guidelines based on best practices, regulatory requirements and industry standards.
• Excellent knowledge of cloud security best practices (IaaS, SaaS, PaaS) – Azure/AWS experience a plus.
• Good basic networking knowledge, excellent knowledge of network security.
• Ability to work as part of an extended IT security team.
• Ability to build and maintain productive, strategic relationships within the business and third-party suppliers.
• Excellent oral/written communication skills

With over 90 years' combined experience, NES Fircroft (NES) is proud to be the world's leading engineering staffing provider spanning the Oil & Gas, Power & Renewables, Chemicals, Construction & Infrastructure, Life Sciences, Mining and Manufacturing sectors worldwide. With more than 80 offices in 45 countries, we are able to provide our clients with the engineering and technical expertise they need, wherever and whenever it is needed. We offer contractors far more than a traditional recruitment service, supporting with everything from securing visas and work permits, to providing market-leading benefits packages and accommodation, ensuring they are safely and compliantly able to support our clients.