Senior Security Architect Consultant

The team you'll be working with:

Senior Security Architect Consultant

Hybrid Variable London

We are currently recruiting Security Architects to join our growing client advisory & delivery business.

NTT DATA is one of the world’s largest Global Security services providers with over 7500 Security SMEs and Integration partner to many of the worlds most recognized Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfil their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.

This is a great opportunity for you to play a pivotal role in helping to shape our client’s transformation journeys.

The Security Architect will contribute to the design, implementation and ongoing development of the security architecture of the client\'s IT systems. The Security Architect will draw upon Enterprise Security Architecture or Security Solutions Architecture to contribute to:

• Identify business objectives, user needs, risk appetite and cyber security obligations

• Identify vulnerabilities, perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls

• Verify and evidence alignment to \'Secure by Design\' principles, corporate security policy/standards as well as industry recognised frameworks and best practice

What you’ll be doing;

The Security Architect will develop and own design, implementation and ongoing development of the security architecture of the client\'s IT systems. The Security Architect will draw upon Enterprise Security Architecture or Security Solutions Architecture to contribute to:

• Identify business objectives, user needs, risk appetite and cyber security obligations

• Identify vulnerabilities, perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls

• Verify and evidence alignment to \'Secure by Design\' principles, corporate security policy/standards as well as industry recognised frameworks and best practice

• Develop and own to deliver and continually enhance a coherent approach to the design of secure client end-to-end solutions

• Develop and own to secure conceptual, logical and high-level designs by identifying appropriate security controls to be embedded in solutions that meet business requirements whilst evidencing alignment to the target risk appetite.

• Develop and own the design and be able to articulate and justify design recommendations at security architecture assurance gates

• Develop and own design documentation, options papers, risk assessments, stakeholder presentations and be able to effectively communicate these to both senior technical and non-technical stakeholders

• Develop and own the reference architecture of established patterns, principles and guidelines

• Research emerging technologies, new products and be able to position these in a coherent manner against the developing threat landscape and client risk appetite.

• Ability to distil complex information and concepts into key discussion points that identifies a path to resolution rather than only the identification of challenges.

• Develop and own the development of the Security Practice skills and capabilities to ensure consistent high quality of service delivery and expertise. Active coaching and mentoring of junior members of the team

• Develop and own the development of collateral to support Security Consulting or go to market propositions and service offerings.

• Develop and own the development and presentation of compelling client proposals collaborating with teams across our business.

• Develop and own the documented Information Security Management Plans which incorporate Regulatory, Legal and Compliance in relation to applicable security policies, Standards and guidelines

• Develop and own the identification of identified risks and emerging cyber security vulnerabilities and threats. The subsequent analysis to quantify and lead risk mitigation plans

• Work with Service Management to ensure that partners and suppliers adhere to agreed standards, policies and verify/evidence appropriate compliance and security KPIs

• Work closely with 1st, 2nd and 3rd lines of defense on all matters relating to cyber security, information assurance, cyber risk, data privacy including regulatory and compliance considerations

• Develop and own the development and enhancement of governance, risk and compliance aligned to policy, standards and industry good practice

• Ensure that continuous assessment, identification, analysis and reporting of useful metrics to enable informed risk-based decisions to be taken

• Constructively challenge established processes and controls to identify, recommend and facilitate continuous improvement, ensuring that all personnel (including senior stakeholders) understand their responsibilities in relation to security risk mitigation and remediation

• Review and verify that documentation relating to process and technical security controls are maintained.

What you’ll bring;

• A track record of delivering security solutions for large-scale infrastructure, transformation or integration programs.

• Practical knowledge and understanding of industry security frameworks and guidance such as NIST CSF, NIST 800-53, NCSC CAF and other NCSC guidelines

• Good knowledge of networking (switching, routing, firewalls)

• Experience with the design concepts associated with adoption of Cloud platforms (AWS and/or Microsoft Azure)

• An understanding of the native security capabilities and good practice within Cloud platforms (AWS and/or Microsoft Azure)

• In-depth knowledge of modern security concepts, common attack vectors, malware, security analytics and threat intelligence.

• A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)

• Experience working with security standards such as ISO 27001, 27002, 27017, 27108 etc.

• Minimum of 10 years of experience in Cyber Security

• Any 2 of the certifications (CISSP, CISM, CCSP, CRISC) or equivalent experience

• Good knowledge covering at least 3 of the following examples (this list is not exhaustive)): AD, Cryptography, End User Computing, IAM, PKI, Server hardening, SIEM, SOAR, virtualization (VMware)

• Participate in pre-sales tasks and perform ongoing support of delivery collateral.

• Familiarity with MITRE ATT&CK

• Familiarity with ITIL

• Thrive as a consultant seeking the variety and challenge of engaging with different clients and variety of technologies and solution types.

• Experienced and has a broad understanding of security vulnerabilities and the techniques for applying effective controls.

• Develop and own the development of secure system without close supervision.

• Proposes security requirements for new systems or changes to existing systems without close supervision.

• Execute technical management tasks in respect to ongoing client projects.

• Strong teamwork skills and attention to detail.

• Excellent written and verbal communication skills.

• Versatility - able to quickly adapt to new technologies and client environments.

• Strong interpersonal and customer relationship skills.

• Ability to work under pressure and to very short timelines.

• Ability to work independently as needed yet always thinking as part of a team.

• Experience in dealing with 3rd-party Service Providers.

• Operational ability in diverse, large-scale environments.

• Exceptional customer-facing skills.

• Ability to manage conflict and offer suitable resolutions

• Self-motivation and able to take responsibility.

• Persuasive communicator, using logic to win support and change views.

• Please note that candidates must hold or be able to gain UK SC level Security Clearance or higher. Therefore, we can only accept applications from British Nationals who meet these criteria. Candidates with dual Nationality must flag this during the recruitment process.

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA (https://uk.nttdata.com/creating-inclusion-together)

what we\'ll offer you:

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.

You can find more information about NTT DATA UK & Ireland here: https://uk.nttdata.com/

We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.