About

• Working Hours: Full time 37.5 hours per week - Monday to Friday In this role you will provide Security Architectural support to projects that have engaged with Secure by Design, providing guidance to projects and BAU activities across the following UK business functions: Senior member of the Secure by Design IT & Digital Team. Embed effective security practices into IT & Digital processes (Agile, DevSecOps, CI/CD etc). Provide Cyber Security guidance, design input and design review/assessment. Specify security testing and ensure that identified vulnerabilities are remediated. Identify Cyber Security risks and ensure that these are managed effectively. Lead relevant Regulatory and Compliance initiatives for Secure by Design. To review telecoms project designs and architectures against the company's cyber security policies and to communicate this to project teams. To assess project designs against requirements, including the UK Telecommunications Security Act (TSA) Guiding and embed effective security controls into Network architectures Provide Cyber Security guidance, design input and design review/assessment of complex changes Specify and scope security penetration testing of complex designs, and ensure that identified vulnerabilities are remediated To assist members of the Secure by Design Networks team with understanding of designs To provide leadership, updates and guidance for cyber control implementation and their ongoing assessment and improvement Please note: You need to be eligible for SC Clearance Educated to degree level and/or relevant technical experience (preferably 7+ years) with a proven track record of delivering complex cross-domain IT/IS solutions architectures/designs in the telecommunications industry Minimum of 5+ years of experience in Security role Knowledge of common information technology management / compliance frameworks such as ISO/IEC 27001, SOC 2, SOX, ITIL, COBIT, and NIST. Knowledge of legal, regulatory and privacy requirements, such as Personally Identifiable Information (PII) Protection and Payment Card Industry (PCI)/Data Security Standard An ability to think strategically and drive change A deep understanding of Security risks and mitigating solutions A diverse security background with knowledge in several areas including DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies Knowledge in Windows, UNIX and Linux operating systems Practices and methods of enterprise architecture and security architecture IT security architecture development and definition Web Security & Encryption Strong organizational skills Ability to work under time and resource pressure An ability and desire to communicate and work with a broad set of stakeholders A customer-focused, responsive, and transparent attitude Competent in understanding solution designs and equipment configurations used to deliver a wide range of IT and telecommunications solutions Competent in applying security policies and principles defined in security architecture to real world scenarios Understands and applies risk management principles Effective communication skills to influence stakeholders and explain complex security requirements in simple terms Establishing and maintaining single point of contact relationship with key project manager(s) An industry security certification. CISSP is strongly preferred. An Architecture qualification (TOGAF) is desired.