Manager, Security Architect - Financial Services, Enterprise Security

Deloitte
Manchester, United Kingdom
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Manchester, United Kingdom

Tech stack

Java
API
C Sharp (Programming Language)
Cloud Computing
Cloud Computing Security
Complex Networks
Computer Security
Information Leak Prevention
Data Security
Information Systems Security Architecture Professional
Python
Key Management
Network Security
Powershell
Zero Trust Network Access
Sherwood Applied Business Security Architecture
Security Information and Event Management
Software Engineering
Systems Integration
Togaf
Kubernetes
Information Technology
Devsecops
Docker

Job description

We are a team of cyber security architects and engineers working within the wider Deloitte Technology and Transformation practice, securing technology capabilities that our clients in the Financial Services industry deploy, for example, ERP solutions, HR solutions, industry-specific applications, core banking platforms, and core insurance platforms.

We also help to architect and engineer standalone cyber security solutions, such as cloud security and platform capabilities, data loss prevention technologies, DevSecOps pipelines, and solutions in the Zero Trust networking space.

We are seeking skilled security architects to join the team. The ideal candidate will have a background in designing, implementing, integrating, and operating cyber security solutions that help protect our clients. Our projects vary greatly and your responsibility as a Security Architect will differ based on the focus of the client engagement and your skillset, but this could include:

Designing and architecting cyber security solutions by:

  • Creating high-level and low-level designs that align with business objectives and comply with industry cybersecurity standards (e.g., NIST).
  • Defining the system specifications to support optimal performance.
  • Integrating workflows with third-party systems and security tools, such as Security Information and Event Management (SIEM) solutions.
  • Defining the Responsible, Accountable, Consulted, and Informed (RACI) matrix to operate and maintain the solution's components.
  • Supporting the development and maintenance of security architecture patterns, blueprints, and reference models.
  • Defining functional and non-functional security solution requirements and technical specifications.
  • Helping clients evaluate and select security technologies and products in their security roadmap, helping ensure the selected tooling aligns with requirements.
  • Reviewing the configuration of existing systems or solutions and identifying security issues or improvement activities to help ensure security risks are pro-actively managed and solutions drive planned benefits.
  • Understanding security control requirements, as defined in security policies, standards and control frameworks and translating them into architecture patterns and solution designs.
  • Maintaining awareness of current and emerging security risks and the changing threat landscape, recommending solutions to help drive security enhancements for our clients.
  • Driving the implementation of new cyber security solutions by:
  • Overseeing the configuration and implementation of the solution, supporting security rules, e.g. network rule changes.
  • Collaborating with wider IT teams to ensure pre-requisites have been met.
  • Developing technical documentation for cyber security solutions including process documentation.
  • Delivering services post-implementation, from hyper-care support, resolving additional issues in production through advanced troubleshooting and debugging.
  • Conducting knowledge transfer to client teams through technical training sessions on operating and maintaining the solution, empowering clients to effectively manage and support the environment.
  • Contributing to sales activity, through proposal documentation and eminence materials.

Requirements

Successfully applicants typically have a degree or equivalent experience, with real world experience working in cyber security. They are agile thinkers capable of helping stakeholders manage a range of security challenges. Key skills - not every candidate requires all of these but should be familiar and/or have experience with a majority of these:

  • Extensive security architecture experience.
  • Demonstrated experience and knowledge of two to four or more of the following areas:
  • Cloud/data center security, with experience hardening these environments.
  • DevSecOps, with experience securing pipelines, as well as APIs and containerised environments.
  • Data security, with knowledge of different data types and experience applying security measures to protect data across the lifecycle.
  • Network security, with an understanding of zero trust principles and experience deploying security technologies to secure complex network environments.
  • Identity, with experience in customer identity, enterprise identity, authorisation mechanisms and/or secrets management.
  • Security operations, with experience designing or integrating with the wider security technologies and infrastructure.
  • Understanding of risk assessment methodologies and the ability to articulate security risks to business stakeholders.
  • Ability to define, shape, and execute on security strategies.
  • Understanding of business processes and ability to identify and integrate security into them.
  • Prior experience within financial services.
  • Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively., * Bachelor's or master's degree (or equivalent) in information technology, Cybersecurity, computer science or a related field, or equivalent work experience.
  • Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, GIAC or equivalent) strongly preferred.
  • Industry-recognised architecture certification (SABSA, TOGAF or equivalent) is preferred.
  • Certifications from industry-leading security vendors and/or cloud providers would be desirable.

The following skills are also desirable:

  • Experience in secure configuration of Cloud and container-based architectures and implementations (e.g., Kubernetes, Docker, etc.)
  • Software development skills including scripting - Python/JAVA/ASP/C#/PowerShell, Coding frameworks.

About the company

Deloitte drives progress. Our firms around the world help our clients become market leaders wherever they compete. Deloitte invests in outstanding people with diverse talents and backgrounds, empowering them to achieve more than they can elsewhere. Our work combines consulting with action and integrity. We believe that when our clients and society are stronger, so are we.

Apply for this position