Head of Security Architecture
Salary £110,000 - £130,000 per annum
Consultant Darius Goodarzi
Date posted 24 June 2019
My client, an International Financial Services firm, are looking for a Head of Information Security Architecture to join their growing team in London.
About the Head of Information Security Architecture Role:
The Head of Security Architecture owns and implements the Security Architecture Strategy and Framework. The role works alongside the CISO and security management to deliver the overall Security Strategy, and collaborates with Enterprise Architecture / Technology to provide effective solutions that meet the requirements of the business through effective control of security risks and countering the threat landscape.
- Ownership and implementation of the Security Architecture Framework
- Providing vision and direction for the Security Architecture Strategy
- Working alongside the CISO and senior Security Management to deliver the Security Strategy
- Work closely with Enterprise Architecture in the effective delivery of design authorities
- Manage the implementation of industry standards and their integration into Security Architecture
- Provide strong knowledge of building security into business expectations for the utilization and hosting of critical financial market infrastructures
- Work with the Security Architects to build security into infrastructure and architecture designs and guide the implementation with the operations team
- Provide direction and advice on projects related to security portfolio to strengthen the overall cybersecurity posture
- Assess SaaS and IaaS cloud services and virtualization technologies and provide direction and input for the maturation of the Cloud Security Framework in respect to data classification and hosting
- Enhance security programs in response to regulatory requirements, internal audit and planned strategic initiatives
- Foster relationships with key functional teams such as IT, Compliance, Operations, Finance, HR, Internal Audit, and Enterprise Risk to support current and future initiatives.
- Maintain timely understanding of the client's information assets, where they reside and how they are being utilized and hosted, and continually review opportunities to improve the overall controls around data security
- Keep informed of new and updated industry frameworks and regulations: GDPR, ISO 27001/2, SANS Top 20 Critical Security Controls, NIST CSF, SP 800-53, PFMI, CPMI-IOSCO and FFIEC handbook
- Keep informed of new and emerging security threats & assess effectiveness of current controls to identify opportunities for program improvement
- Translate relevant directives, guidance, and rules into actionable data for consumption by the CISO and Security.
- Represent the client in financial sector-wide consortia, establishing CLS buy-in and representing the client's interests, e.g., National Institute of Standards and Technology (NIST), Financial Systemic Analysis and Resilience Center (FS-ARC), Financial Services - Information Sharing and Analysis Center (FS-ISAC), United States Treasury Financial Services Sector Coordinating Council (FSSCC), United States Department of Homeland Security (DHS), et al.
- Actively maintain and mature Security’s relationships with its counterparts at Designated Financial Market Utility (DFMU) partners.
- 5-8 years functional security expertise with broad understanding of competencies and the lifecycle of application security management
- Experience of developing Security Architectural Frameworks and Security Architecture Strategies
- Experience developing or managing security programs preferably across several domains including metrics and reporting for program maturity and risk reduction
- Experience and/or training on GDPR requirements and other data protection laws
- Experience defining program roles and responsibilities, assessing / identifying knowledge gaps across teams and implementing required training plans
- Ability to collaborate effectively with others to drive forward key security objectives
- Strong documentation and report writing skills (to both technical and business audiences).
- Excellent time management and organizational skills
- Knowledge of policy frameworks and understanding of policies, procedures, guideline structure
- Knowledge of firewalls, IPS, DLP, proxies, SIEM, & endpoint protection software
- Strong knowledge of one or more of the following programming languages is preferred: HTML5, ASP, Java, Objective-C, C#, C++, SQL
- Ability to write scripts in languages such as Python, BASH, or PowerShell for automation preferred
- Ability to read and debug code
If the above is of interest, please call me on 0207 509 8040 or apply to the above role ASAP.