Information Security Architect

Group IT are recruiting for an Information Security Architect on a full-time permanent basis.

Reporting into the Chief Information Security Officer, you will provide expert advice and support on the selection, design, development, justification and implementation of IT security that aligns with business goals, while ensuring that the appropriate level of confidentiality, integrity, availability, accountability and relevant compliance is maintained and aligns with the business risk appetite.

• An expert knowledge and understanding of (including implementation) of Security by Design (including Privacy by Design), Defence in Depth, Attack lifecycle, Secure System Development Lifecycle
• Detailed knowledge and understanding of the latest cybersecurity frameworks and standards and their implementation.
• Extensive knowledge and understanding of security at all levels of the OSI model.
• A well-grounded understanding and experience of networking, infrastructure, middleware and software development.
• Excellent knowledge of IT networking, security infrastructure and modern operating systems
• Expert understanding of applying security principles and ensuring compliances in IaaS, PaaS and SaaS environments.
• Technical Architectural level experience, including infrastructure, networking and application
• Expert knowledge of security principles and technologies as well as Risk Management and risk methodologies
• Excellent written and oral communication skills at all levels, strong communicator and ability to articulate and communicate complex IT-related business issues to senior staff in a manner than business stakeholders will understand.
• Good commercial awareness of the potential business impact of Information Security and a pragmatic approach to ensuring Information Security is a business enabler
• Expert knowledge in the implementation and operation of SecDevOps
• Good working knowledge of AWS (architecture, services and tools) and how Information Security best practice should be implemented and monitored.
• Knowledge of the cloud vendor frameworks and cloud technologies
• Strong knowledge and use of threat modelling frameworks and methodologies
• Practical experience of designing and developing solutions across large scale infrastructures
• Cloud-based cyber security principles and architecture points
• Boundary controls, network segmentation and access control
• Identity and Access Management (including RBAC, SoD, permissions management)
• Cryptographic techniques and implementations
• Vulnerability Management and Patching
• Serverless, Containerisation and virtual machine security
• Extensive experience of creating and reviewing design documentation.
• Good working knowledge of MITRE ATT&CK.
• Good working knowledge and understanding of ISO27001/2, DPA 2018 / UK GDPR, EU AI Act, EU NIS 2 and relevant standards / legislation.
• Experience of Architecting innovative Information Security technology systems in a consumer-facing sector
• Experience of security management tools and techniques
• Securing and leveraging AI

Along with a competitive salary, car schemes (including cars for family members), discretionary bonus, enhanced pension contributions, private healthcare, 27 days holiday plus bank holidays, 4 x life assurance & health & wellbeing support, we also offer a wide range of flexible benefits to suit you and your lifestyle.

We're driven by difference. With six big brands under one roof - each with its own history, designs and innovations - we've created some of the world's most iconic vehicles, from luxury sports cars to family camper vans. Here, you'll discover opportunities, explore ideas and tackle challenges that you won't find anywhere else. It takes a range of teams to make the Group successful. We all share the same aim: to deliver sustainable mobility for generations to come, while keeping the customer and their changing demands at the heart of everything we do. There's never been a more exciting time to join our industry as it undergoes the biggest transformation for over 100 years. With digitalisation, electrification and driverless mobility all coming to the market, we're actively looking for people with new skills, knowledge, and outlooks. A brave new world demands brave, new, diverse people; so whatever your background, we would love to hear from you. We know that different perspectives and thought processes are vital as our industry goes through an exciting period of change. To avoid disappointment, you are advised to submit your application as soon as possible as we reserve the right to close the vacancy early if a high volume of applications are received. This is to ensure that we can manage the application levels whilst maintaining a positive candidate experience. Unfortunately, once a vacancy has closed, we are unable to consider further applications.