Security Architect - (M/F/D)
hace 2 días
City of London
ITC Infotech is looking for a Security Architect to join our team at across UK, London, Leeds and Edinburgh. Your X-Factor Work ethic - You are a consummate professional. Aptitude - You have an innate capacity to transition from project to project without skipping a beat. Communication - You have excellent written and verbal communication skills for coordination across projects and teams. Impact - You are a critical thinker with an emphasis on creativity and innovation. Passion - You have the drive to succeed paired with a continuous hunger to learn. Leadership - You are trusted, empathetic, accountable, and empower others around you. About the Role: Security Architect The Security Architect role sits within Technology - Strategy & Architecture - Enterprise Architecture Consulting, that is responsible for the overall architecture for the FCA’s business divisions. This includes quality assurance of architectural decisions, technical designs and other architectural deliverables (e.g. Architectural Impact Assessments, etc) to ensure solutions are value for money, meet information security and business requirements and are aligned to enterprise strategies, roadmaps, standards and patterns. The Security Architect will primarily be focussed on the FCA’s Strategic Security Programme, implementing a wide range of Cybersecurity controls and this role is specifically to be responsible for the full Architecture solution of a Cybersecurity project from initiation through scoping, mobilization and delivery of benefits. What you will be doing • Designing and producing architectural artefacts for end-to-end cyber security solutions, high level outlined architecture to detailed solution architecture, including required integration, that are aligned to architecture standards, meet the business vision and requirements, take into consideration all risks, costs, benefits, limitations, dependencies, deliverability and impact on the enterprise, technology and business architectures., • Supporting and guiding project teams and product groups in delivery and implementation of end-to-end cyber security solutions. Driving and managing resolution of technical dependencies and technical do-ability issues including identifying viable alternatives and agreeing those with architecture governance., • Playing a key role in the development and implementation of the FCA’s Information Security, Digital and Data Strategies, by ensuring solutions adhere to and enable the implementation of strategies., • Collaborating with product groups and enterprise architecture functions on defining enterprise and product architecture strategies and standards, building product roadmaps and resolving maintenance and post-go-live issues., • Reviewing and quality assuring artefacts created by external suppliers and internal teams (Product Groups and Change Delivery teams) to ensure the quality of the delivered solution fulfils business and non-functional requirements and adheres to strategic vision of the FCA., • Identifying opportunities for technology-driven innovation and shaping design proposals to take this forward; driving innovation where this delivers quick wins and business benefit and is in the boundary of the product roadmap, • Engage key stakeholders in business, product groups, security, and architecture function to identify capabilities, perform gap assessment, maturity assessment and document architecture to create a future., • Research cyber security technology trends and identifying opportunities to exploit innovation ensuring these are fully understood and explored. The skills and experience you’ll have Minimum • Experience as a Security Architect designing products, platforms, systems and components on multiple programmes and projects, • Experience of working on the end to end project lifecycle, in a multi-technology environment., • Experience of designing and managing the end-to-end delivery of multi-platform cyber security solutions., • Exceptional communication skills, able and willing to describe and negotiate complex and detailed solutions across a variety of stakeholders., • Exceptional critical thinker and problem solver, able to work with imperfect information in an environment of uncertainty whilst still maintaining high standards, evidenced designs and documentation that consider regulatory, organisational and technology change requirements, the FCA divisional and enterprise strategies. Essential • Experience of designing and implementing cyber security platform solutions, • Experience with delivery of significant Cyber Security projects in domains, e.g. Attack Surface Management, Threat Detection and Response, Identity Access Management, Information Integrity and Protection and/or Infrastructure Security., • Experience working with AWS technologies., • Experience of best practice security architecture across all cyber security architecture domains and key platform technologies., • Commercial awareness and hands-on experience at costing solution options, understanding procurement frameworks and promoting cost effective solutions., • Collaborative self-starter with positive, proactive, can-do attitude., • Strong experience of technical and environment interdependencies across projects and programmes., • Solid and evidenced knowledge foundation (e.g. CISSP, CISM, etc.), • Experience with formal architectural methodologies and frameworks, including TOGAF, experience in architecture modelling tools and agile methodologies., • Proficient knowledge of UML., • Evidenced continuous professional development and engagement with industry innovators and professional bodies., • Experience of innovation whilst ensuring EA adherence. Additional requirements are: • Risk-to-Control Mapping: Proven experience using the SABSA framework to translate enterprise risks and business attributes into technical security architectures., • Stakeholder Influence: Ability to engage with Senior Leaders and the Board to explain security posture in terms of Business Outcomes rather than technical vulnerabilities., • Multi-Cloud Security: Hands-on experience designing and securing estate consolidation across AWS and Azure, specifically focusing on identity federation and crosscloud security guardrails., • Regulatory Alignment: Deep understanding of the FCA’s Operational Resilience and Consumer Duty requirements, ensuring security architecture supports "Important Business Services.", • Applied Security Engineering: Experience in implementing "Secure by Design" within Agile delivery teams and multi-supplier environments (not just theoretical oversight)., • Supply Chain Assurance: Experience in governing security standards across thirdparty providers and critical technology partners. Personal Qualities- • Pragmatic Innovator: Able to balance "impenetrable security" with the need for Business Agility and the adoption of disruptive technologies., • Collaborative: Ability to work seamlessly across architectural domains (Data, Business, Technical) to ensure security is an enabler, not a bottleneck., • Fast Learner: Capable of quickly grasping the FCA’s complex regulatory landscape and "hitting the ground running" on high-priority transformation waves., • Resilient & Adaptable: Comfortable working with strategic ambiguity, particularly when navigating the security implications of emerging tech like AI and DLT., • Accountable: Takes ownership of the "Security Attribute s" scoring and the long - term integrity of the security domain. Techniques & Tools- • Architectural Frameworks: Expert knowledge of SABSA (essential for risk mapping) and TOGAF (desirable)., • Cyber Standards: Mastery of NIST CSF, ISO 27001, CISM and Cyber Essentials Plus, with the ability to apply them practically in a cloud -native environment., • Threat Modelling: Proficiency in applied threat modelling techniques (e.g., STRIDE, PASTA) at the design stage of the lifecycle., • Security -as -Code: Familiarity with automated assurance tools (e.g., Terraform Sentinel, Azure Policy, AWS Config) to embed guardrails into CI/CD pipelines., • Identity & Access Management (IAM): Advanced knowledge of Zero Trust principles, OIDC/SAML, and centralized identity providers (e.g., Microsoft Entra ID/Okta). Our Mission ITC Infotech is a leading global technology services and solutions provider, led by Business and Technology Consulting. ITC Infotech provides business-friendly solutions to help clients succeed and be future-ready, by seamlessly bringing together digital expertise, strong industry specific alliances and the unique ability to leverage deep domain expertise from ITC Group businesses. We provide technology solutions and services to enterprises across industries such as Banking & Financial Services, Healthcare, Manufacturing, Consumer Goods, Travel and Hospitality, through a combination of traditional and newer business models, as a long-term sustainable partner. ITC Infotech is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion, or sexual orientation. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. ITC infotech is committed to providing veteran employment opportunities to our service men and women.