IT Security Solution Architect

My client, an international bank based in London, is looking for an IT Security (Secure-by-Design) Solution Architect to join their growing team.

• To lead a team of Governance, Risk and Compliance (GRC) SMEs responsible for carrying out IT Security Assessments (Secure-by-Design) on technology projects.
• To ensure that all projects comply with IT security policies and requirements.

In this role, you will manage the secure-by-design team activities across the bank and securities business under a dual-hat arrangement. You will act and make decisions on behalf of both entities, subject to the same remit and level of authority. Responsibilities include, but are not limited to:

• Delivering the secure-by-design process to ensure relevant TEC projects undergo security review prior to implementation.
• Managing the GRC SMEs delivering Secure-by-Design activities; outlining relevant KPIs and measuring the team against them.
• Interviewing business and technology stakeholders responsible for controls (technical and non-technical).
• Reviewing the team’s reports and conclusions and ensuring the suitability of evidence required to demonstrate operating effectiveness.
• Developing a testing strategy for testing operating effectiveness of controls.
• Identifying gaps in control operating effectiveness and arriving at informed conclusions.
• Documenting risks, gaps, findings and recommended actions.
• Managing time to ensure testing is completed in a timely manner.

• Experience in managing multiple tasks with broad scope, ambiguity, and a high degree of difficulty.
• Experience providing assurance for cybersecurity technologies, policies, standards and procedures.
• Proficiency across information security domains such as Security Governance, Identity and Access Management, Access Controls, Threat Intelligence, Asset Management, Risk Management, Security Assessment/Testing, Security Incident Management and Vulnerability and Patch Management.
• Understand global IT risk management structure.
• Experience with senior stakeholder management and relevant management reporting.
• Ability to coach team members through knowledge transfer and constructive feedback.

Functional / Technical Competencies

• Good understanding of cybersecurity/IT control frameworks including SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS.
• Experience as an IT auditor, security auditor or governance, risk and compliance analyst.
• Understanding of current best practice approaches to security assurance and application of security frameworks.
• Ability to plan and prioritize multiple project work streams in response to changing portfolios.
• Broad knowledge of computer, networking and IT security systems (operating systems, databases, firewalls, SIEM, DLP, etc.).
• Strong presentation, documentation and reporting skills.

Preferred:

• Experience in project management.
• Experience in providing assurance for cybersecurity technologies, policies, standards and procedures.
• Ability to maintain working knowledge of cybersecurity principles and elements.
• Understanding global IT risk management structure.
• Experience with senior stakeholder management and management reporting.

• Degree educated and/or equivalent experience.

If the above is of interest, please apply to this role or call 0207 509 8040 to find out more. Alternatively, you can email your CV to darius.goodarzi@robertwalters.com.

• Contract Type: Permanent
• Focus: Information Security
• Workplace Type: Hybrid
• Experience Level: Senior Management
• Location: London
• Salary: £100,000 - £110,000 per annum
• Industry: Banking

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.