6-month Contract Remote
A team are working on transforming the way they facilitate Cloud hosting across the organisation and the wider public sector, with a long-term vision to design a continually improving and reliable shared service.
The post-holder will be involved specifically in the design and development of Cloud Platform service, to provide a specific security perspective. The post-holder will collaborate with technical architects, developers, testers and business areas, working closely with delivery partners and internal administrative teams.
The post-holder will play a key role in managing the Programme's security assurance roadmap and relationship with security teams across public sector organisations and suppliers involved in developing, testing, auditing and supporting the service.
The post-holder will collaborate with technical architects, developers, testers, and business areas, working closely with delivery partners and internal administrative teams.
Specifically the role holder will:
- Lead the security architecture design of systems and services, justifying and communicating all design decisions, applying research and innovative security architecture solutions to new or existing problems, working within the organisation and Industry methodologies and frameworks such as SABSA and NIST CSF
- Communicate the security architecture vision, principles and strategy for the programme and maintain a Security Baseline Standard
- Decipher subtle security needs and understand the impact of decisions, balancing requirements and deciding between approaches ensuring these solutions or countermeasures mitigate identified information risks
- Lead on quality assurance, and act as the point of escalation for Security Architecture within the programme
- Interact with stakeholders across organisations, teams, and communities and influence senior stakeholders in security architecture decisions
- Assist the Security Advisor function with the creation of secure development policy and process to support DevSecOps teams, including recommendations on security tooling, ensuring privacy and cyber security practices are automated where possible and embedded in ways of working by default and design
- Contribute to the procurement of development partners and Cloud technologies to support the delivery of programmes of work. And work with development partners at on-boarding and throughout engagement to ensure they continuously meet security requirements.
Normal Place of Work - Remote
Essential Skills, Competences, Relevant Qualifications, and previous Experience required
- Broad and deep technical knowledge covering application, data, technology, and security domains in digital Cloud services with associated experience in designing secure solutions using industry standard tools, techniques and security architecture frameworks.
- Strong knowledge of industry data/cyber security legislation, policy, patterns, standards (including but not limited to ISO27001, CSA STAR and NIS Directive), guidance and risk management techniques as well as demonstrable experience in interpreting and applying this knowledge in an agile way, working with development teams to deliver digital Cloud services.
- Experience of reviewing security architecture designs, including from 3rd parties, ensuring adherence to agreed policies, standards, and design patterns and explaining clearly to a wide range of internal and external stakeholders (including senior officials, customers, and suppliers) how decisions have been reached, with the ability to understand and resolve security related disputes across varying levels of complexity and risk.
- Experience of reviewing system architectures to identify single points of vulnerability and common architectural flaw; identify security issues relating to configuration of components in an architecture; validate and explain how common attack methods are mitigated by the design and identify areas where detailed technical analysis will be required to understand important nuances that could have significant security implications.
Desirable Skills (where appropriate)
- Experience of engaging with, and managing, a wide range of internal and external stakeholders, including senior officials, customers, and suppliers
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender reassignment, marriage and civil partnerships, pregnancy or maternity or age
your application has been submitted