Security Architect (EUC) – Central Government Project
Purpose of Role
This role is to provide Information Assurance Architecture Subject Matter Expertise to support work-streams within this client's technology programme.
The IA Architecture function incorporates the delivery of Enterprise architecture, technical architecture, Gateway architecture and Information Assurance for the entire programme.
Main Duties and Responsibilities
Enterprise Security Architecture
- Development & ongoing use of Architectural Artefacts in support of delivery of information assurance and security architecture.
- Ensure that architectural artefacts inform and influence the creation of service requirements.
- Ensure the alignment of architectural artefacts with Enterprise Architecture and Information Assurance frameworks.
- Ensure that project documentation supports HMG Strategies, policies and standards.
- Lead negotiation sessions with suppliers on Information assurance topics.
- Evaluate the solution proposals and the high-level and low-level designs for the logical and physical implementation of solutions to ensure they are in accordance with HMG and client IA standards, policies and guidelines.
- Assure that within the transition phases, changes to existing systems are compliant with HMG and client IA standards, policies and guidelines and applicable legislation and identify any risks and issues.
- Provide assurance guidance to solution providers
- Provide in-depth technical IA expertise and assurance to projects and work-streams.
Outputs and deliverables
Drive beneficial security change into the business through the development or review of architectures so that they:
- Fit business requirements for security
- Mitigate the risks and conform to the relevant security policies
- Balance information risk against cost of countermeasures
- Protect and defend information and information systems by defining architectures, design patterns, and standards to ensure their availability, integrity and confidentiality, ensuring that systems permit individuals to access only information and network facilities for which they are authorised.
- Guide, encourage, lead, and develop other colleagues, in the disciplines of technical information assurance.
- Develop implementation approaches for development of secure physical and logical architectures, taking account of HMG and client IA policies, standards, guidelines, and applicable legislation and regulation.
- Review and approve solution designs and planned technical changes and provide specialist guidance on security issues and implications.
- Provide in-depth technical IA expertise and assurance on proposals and throughout the procurement programme.
- Communicate and promote Security Architecture to the Key stakeholders, business and supplier community.
- You will be expected to engage directly with the relevant tower teams, project teams and suppliers to ensure their services and solutions are compliant with HMG policies and standards and client IA requirements and processes.
The successful candidate will be:
- An experienced HMG IA professional with a technical or security design assurance background, or
- an experienced Enterprise Architect with a strong background in security components and HMG Information Assurance
- Experienced in Gateway architecture with technical knowledge of Cisco and other gateway technology
- Strong skills and experience across EUC projects
- You will possess strong communications, relationship building, negotiation and influencing skills.
- You will need to demonstrate high credibility, discretion, and integrity in order that you can work effectively with senior leaders and stakeholders.
- You will have basic knowledge of current laws and legal constraints relevant to IA in the Government/Public Sector IT – e.g. Data Protection Act, Freedom of Information Act
- You will have good working knowledge of HMG IA Accreditation.
- You will have a good understanding of central government department ICT systems and policies
- You will have an understanding of ICT related technology and how physical, technical, procedural and personnel security can be used to reduce risk to an acceptable level
- You will have extensive knowledge and understanding of HMG IA standards and how they apply to ICT systems.
- You will have good working knowledge of applicable industry payment standards e.g. PCI-DSS.
- You will hold a current Government Security Clearance – minimum SC
- Familiarity with cross-government IT policies
- Familiarity with PRINCE2 project management practice, TOGAF, OSA, SABSA, Member of IISP or similar