Security Architect

As a Security Architect, you'll lead security design, engineering, testing, and implementation for critical business products supporting Strategic Infrastructure business.

Working closely with Product Managers, you'll act as a vital link between senior business stakeholders, Information Technology, and existing security services, serving as both a technical and non-technical point of contact with a focus on architecture and engineering.

Working closely with the business, product teams, and technical architects, you'll ensure solutions comply with regulatory and security controls requirements.

You'll combine excellent customer relationship skills, deep technical knowledge (including emerging Digital technologies), and a practical approach to real-world risk reduction.

1. Collaborate with business, product teams and users to define needs, identify problems, and implement improvements.
2. Work alongside Product teams to liaise with 3rd party vendors to securely integrate new technology capabilities into Strategic Infrastructure products and services.
3. Define and document security architecture blueprints for new systems and applications, including threat modelling and risk assessments.
4. Establish security standards, best practices, and design patterns for cloud, on-premises, and hybrid environments.
5. Collaborate with development teams to integrate security controls into application design.
6. Lead security architecture reviews and provide expert technical guidance on complex security challenges.
7. Assess security posture against industry regulations and compliance requirements.
8. Identify and mitigate security risks associated with new technologies and initiatives.
9. Perform security assessments and penetration testing to identify vulnerabilities.
10. Communicate security risks and mitigation strategies to the business and 3rd party vendors where necessary.
11. Advocate for security initiatives and build consensus across teams.

1. Deep understanding of cybersecurity principles, including authentication, authorization, encryption, network security, and application security.
2. Expertise in cloud security architectures (AWS, Azure, GCP).
3. Proven experience designing and implementing security solutions for complex enterprise environments.
4. Strong knowledge of security frameworks like CIS, NIST, ISO 27001, and PCI DSS.
5. Experience of ESRI products.
6. Excellent communication and presentation skills to effectively communicate technical security concepts to non-technical stakeholders.