IT Security Architect

IT Security Architect

Hybrid - 2 days onsite Iselin, NJ

Job Purpose

We are looking for a highly motivated IT Security Architect who is able to operate with a high level of autonomy to conduct the required architectural analysis and design in line with the enterprise security strategy.

The Security Architect supports the Security Architecture team to implement the Security Architecture Strategy and Framework across the CLS enterprise. The Security Architect will collaborate with Enterprise Architecture / Technology to provide and recommend effective solutions meeting requirements of the business through effective control of security risks and countering the threat landscape.

The Security Architect will partner with multiple divisions and technical managers to maximize the effectiveness of Security Architecture requirements in the implementation of products, environments and services. The Security Architect will be responsible for supporting the analysis of potential weaknesses and identifying recommendations to improve the security of all services across CLS. Provide technical security advice, guidance, design and review in support of all business-related products and services, reporting to a Security Architecture

What you will be doing

• Work closely with Enterprise Architecture in the effective delivery of solutions
• A high-level knowledge of all key areas of Information Security Technology and an ability to apply them appropriately
• Work with other Security Architects to build security into infrastructure and architecture designs
• Provide direction and advice on projects related to security portfolio to strengthen the overall cybersecurity posture
• Assess SaaS and IaaS cloud services and virtualization technologies and provide direction and input for the maturation of the Cloud Security Framework where necessary
• Foster relationships with key functional teams such as IT, Compliance, Operations, Finance, HR, Internal Audit, and Enterprise Risk to support current and future initiatives
• Keep informed of new and updated industry frameworks and regulations: GDPR, ISO 27001/2, SANS Top 20 Critical Security Controls, NIST CSF, SP 800-53, PFMI, CPMI ISOCO and FFIEC handbook, SABSA
• Keep informed of new and emerging security threats & assess effectiveness of current controls to identify opportunities for program improvement

Operational

• Engage with stakeholders across the organisation to develop relationships and the brand of Security Architecture
• Interface with program and project managers to ensure appropriate security architecture engagement as necessary
• Develop a strong interlock with the other security functions to support transition of projects into operation with effective governance
• Ensure appropriate quality of security architecture artefacts, engagement and managing escalations should they arise
• Ensure appropriate interlock and attestation against security controls where appropriate
• Maintain engagement with Security Engineering and Operations for the management of vulnerabilities, risks and remediation methods
• Ability to take initiative, self-motivated to work independently to deliver against project requirements
• Assure compliance with security controls to identify control gaps, develop remediation plans and determine residual risk
• Lead by example in the engagement of Security Architecture of projects across the enterprise

What we are looking for:

• 5+ years security architecture expertise with broad understanding of multiple security domains
• Ability to collaborate effectively with others to drive forward key security objectives
• Strong documentation and report writing skills (to both technical and business audiences)
• Excellent time management and organizational skills
• Knowledge of policy frameworks and understanding of policies, procedures, guideline structure
• Knowledge of firewalls, IPS, DLP, proxies, SEIM, & endpoint protection software
• Security certifications such as CISSP, CISA, CRISC, SABSA, GIAC, CCSP, CCSK or equivalent is preferred
• Knowledge of Risk Management life cycles based on an established framework: ISO 27001, SANS, NIST SP 800-53
• Working knowledge of the following frameworks and regulations: ISO 27001/2, SANS Top 20 Critical Security Controls, NIST CSF, and FFIEC handbook, Cloud Security Alliance CCM

Our extensive benefits for employees typically include:

• Vacation/annual leave: 25 days in UK/Asia + 3 life days, 23 in US + 3 life days
• Private medical and dental cover and life insurance
• Generous pension contributions in the UK and Asia; matching 401(k) in the US
• Paid volunteer days
• Locate for your day’ hybrid working – 2 days a week in office.
• Access to Discover – our learning platform with 1000+ courses from LinkedIn Learning.
• Paid parental leave / Coaching and support services
• Career development / LinkedIn Learning
• Heads down days’ with no meetings on the last Friday of every month
• Wellbeing / Mental health support
• Diversity Council / Affinity groups (Women’s Forum, Black Employee Network, Pride Network, Parents & Caregivers Network, Sustainability Network)
• Social events

Awards:

• The Sunday Times Best Places to Work 2023 / Big Company / The Sunday Times Awards
• Third place in Britain’s Healthiest Workplace 2022 / Medium Company / Vitality Awards