Lead Security Architect - Government - London
As Lead Security Architect you will manage the clients Security Delivery Partner team of security architects on tasks that require broad architectural thinking to ensure delivery of the IT programmes end to end technical security architectures and implement designs based on requirements, strategic drivers, best practices and guidance.
The Lead Security Architect will operate within a pan government and industry aware context and will have the primary responsibility for ensuring that designed solutions on the programmes are fit for purpose in a security assurance context and meet business needs.
The Lead Security Architect will highlight any areas of deficiency, risk, or strategic conflict and will play an active and often practical part in the realisation of the programme end to end security design to deliver the desired business outcomes, and will be called upon as an expert to resolve conflicts with inter-dependencies in multiple scenarios, including the interests of other programmes and business as usual activities.
You will also be expected to ensure that the supporting security infrastructure controls meet the needs of the overall end to end solution security architecture requirements including the business, information, application and technology security aspects of the end to end solution. They will work across multiple programme workstreams, driving consistency of approach, and be expected to understand and influence the dependencies, overlaps and identify and document future risk implications of each workstream solution and the overarching end to end delivery of the programme.
- Design logical and physical components of technology security architectures that will enable the delivery of the required business outcome and service.
- Assure the work of workstreams and suppliers, challenging and escalating when necessary. Provide mentoring within the Security Architecture team and provide leadership by exemplifying security architectural best practice in line with the HMG Security Policy Framework to other architects.
- Look forwards to identify common security needs and gaps and work with the wider programme and BAU teams to influence the security architecture view of technology roadmaps.
- Creation of appropriate formal security architecture products for (amongst other activities) product selection, options and impact assessment to validate or solution choices, enable traceability and provide corporate knowledge for ongoing support efforts.
- Ensure that the technology infrastructure supports the needs of services and tools built upon it, working with solution architecture colleagues.
- Work with programme workstream leads, project managers and service owners to provide whole life costing for the security components of the architecture end to end solution in order to select best value approaches and inform the organisation as to the economy of their security estate.
- Work with commercial colleagues to provide input to tender materials and conduct supplier and product security architecture evaluation as part of the broader workstream delivery.
- Work with service and operations colleagues to define and implement security service needs and ensure that sustainable and manageable services are delivered securely.
- Support security technical and architectural requirements capture, design and assurance including injection of architectural stories into backlogs.
- Work with scrum (and other) teams, accepting that the technology input to a scrum team does not usually mean being a formal part of the team, so personal relationships form an important part of the role.
- Actively support and contribute to the domain lead aspects of the team function by providing specialist insight and hands-on experience into security technology concerns.
- Significant experience of complex IT programme security architecture involving dependency management and multi-supplier deliveries in a security technology architecture capacity.
- A practical understanding of security architectural models and also of delivery methodologies and ways of working.
- Strong hands-on experience and knowledge of at least one technology area (such as networking, device management or identity) coupled with a broad understanding of the range of security technologies which may be selected from to deliver required capabilities security assurance.
- An understanding of the security implications of delivering to both on premise infrastructure and cloud (or hybrid) environments and an understanding of the associated economics.
- A desire to prove, pilot and learn new technologies and keep up to date with industry best-practice, external disruptors and adapt accordingly.
- Demonstrate the ability to identify areas where security specialist input is required and to coordinate the required resources and consider their advice and input constructively in the broader context of a defined solution.
Experience and Behaviours
- Extensive experience of working in a multi-supplier environment, both designing aspects of solutions and assuring the work of others to ensure coherent designs supporting an end to end service.
- Experience of mentoring and coaching more junior colleagues constructively and positively to encourage and foster security architectural best-practice and enhance the team capability.
- Extensive experience of estimating and contributing to project planning, dependency and risk maps from a security perspective.
Great large scale government project role with an initial contract until the end of March 2019. Longer contracts available after this first period. SC clearance not mandatory for the immediate start but must be able to successfully obtain SC in due course.