Information Security Architect

Group IT are recruiting for an Information Security Architecton a full-time permanent basis.

Reporting into the Chief Information Security Officer, you will provide expert advice and support on the selection, design, development, justification and implementation of IT security that aligns with business goals, while ensuring that the appropriate level of confidentiality, integrity, availability, accountability and relevant compliance is maintained and aligns with the business risk appetite.

Do you have experience in Software development?, * An expert knowledge and understanding of (including implementation) of Security by Design (including Privacy by Design), Defence in Depth, Attack lifecycle, Secure System Development Lifecycle

• Detailed knowledge and understanding of the latest cybersecurity frameworks and standards and their implementation.
• Extensive knowledge and understanding of security at all levels of the OSI model.
• A well-grounded understanding and experience of networking, infrastructure, middleware and software development.
• Excellent knowledge of IT networking, security infrastructure and modern operating systems
• Expert understanding of applying security principles and ensuring compliances in IaaS, PaaS and SaaS environments.
• Technical Architectural level experience, including infrastructure, networking and application
• Expert knowledge of security principles and technologies as well as Risk Management and risk methodologies
• Excellent written and oral communication skills at all levels, strong communicator and ability to articulate and communicate complex IT-related business issues to senior staff in a manner than business stakeholders will understand.
• Good commercial awareness of the potential business impact of Information Security and a pragmatic approach to ensuring Information Security is a business enabler
• Expert knowledge in the implementation and operation of SecDevOps
• Good working knowledge of AWS (architecture, services and tools) and how Information Security best practice should be implemented and monitored.
• Knowledge of the cloud vendor frameworks and cloud technologies
• Strong knowledge and use of threat modelling frameworks and methodologies
• Practical experience of designing and developing solutions across large scale infrastructures
• Cloud-based cyber security principles and architecture points
• Boundary controls, network segmentation and access control
• Identity and Access Management (including RBAC, SoD, permissions management)
• Cryptographic techniques and implementations
• Vulnerability Management and Patching
• Serverless, Containerisation and virtual machine security
• Extensive experience of creating and reviewing design documentation.
• Good working knowledge of MITRE ATT&CK.
• Good working knowledge and understanding of ISO27001/2, DPA 2018 / UK GDPR, EU AI Act, EU NIS 2 and relevant standards / legislation.
• Experience of Architecting innovative Information Security technology systems in a consumer-facing sector
• Experience of security management tools and techniques
• Securing and leveraging AI

Along with a competitive salary, car schemes (including cars for family members), discretionary bonus, enhanced pension contributions, private healthcare, 27 days holiday plus bank holidays, 4 x life assurance & health & wellbeing support, we also offer a wide range of flexible benefits to suit you and your lifestyle.

We are changing

The world is changing – and we are changing with it. We are consistently advancing the further development of the automobile – with a focus on electromobility, digital transformation of the company and all brands and new smart ideas for the mobility of the future. But we want to be more than Europe's largest car company. By stepping into a new era – towards a sustainable mobility service provider that provides solutions for resource-saving mobility and connected transport systems in small and large around the world.