Overall Role Purpose
Accountable for governing the security of the organisation's services through architecting, delivering and maintaining policies, standards, processes and controls for satisfying the business needs.
• Own and manage the development, delivery and performance of the Information Security Architecture across the business and its suppliers.
• Work with the business and the IT leadership team to identify enterprise-wide security needs and opportunities for IT solutions.
• Work with the Digital team to bring together both the business Digital (e.g. Cloud) and traditional aspects (e.g. Mainframe) into a single overarching, coherent security strategy & architecture.
• Architect, develop, implement and maintain security policies, processes and controls for satisfying the business needs and aligning with the company's business objectives.
• Support the development and delivery of a business-aligned global IT strategic plan, and a set of security standards aligned to the enterprise architecture.
• Design and coordinate guidance/compliance activities associated with ensuring alignment/compliance with architectural principles and standards.
• Provide security-related technical design authority for solutions and projects/programmes, as well as direction and governance to security operations.
• Govern and oversee the evaluation and selection of hardware technologies, and the design of standard configurations.
• Work with the service providers to ensure security-related technology and service roadmaps, innovations, future developments and strategic assessments are identified, developed, communicated and tracked.
• Ensure strategic integration and alignment across solutions, services and BUs through collaboration with a range of stakeholders and colleagues (including the business' Digital function, Service Managers and Business Engagement Managers).
• Maximise the value obtained from the use of available and new Information Security technologies, architectures and solutions by tracking developments and trends in the finance and IT sectors.
• Apply continual improvement to security architectures and related processes.
Job Requirements - Knowledge and Skills
• Demonstrable and compelling experience operating in senior Information Security Architecture roles.
• Previous governance and technical design authority experience essential.
• Demonstrable experience of designing and governing IT security architecture standards and the implementation of IT solutions and services.
• Information Security expertise and certifications (e.g. CISSP: Certified Information Systems Security Professional / CISM: Certified Information Security Manager).
• Excellent knowledge of modern information technologies, services & architectures, including Cloud.
• Experience of large enterprise environments including strategic and architectural integration of new digital services with legacy systems (e.g. Mainframe).
• Expertise and certification in IT Governance and Enterprise Architecture best practices (e.g. COBIT and TOGAF).
• Good knowledge of governing security in both Agile and ITSM (e.g. Scaled Agile Framework / ITIL).
• DevOps – an understanding of security in automated provisioning and deployments.