Security Architect - NS&I - G7
Government Digital & Data
The Security Architect is a key role in the Enterprise Architecture (EA) team, defining and assessing the organisation's security architecture strategy, high-level architectures, and practices. The Security Architect will be required to effectively translate business objectives and risk management strategies into secure designs and services. They are also key to ensuring that proposed solutions are aligned with NS&I's 'cloud-native' and 'secure by design' principles, and to identifying opportunities for exploiting emerging technologies and supporting their safe use in line with NS&I's risk appetite, while supporting NS&I's 'fast follower' ambition.
The Security Architect evaluates services, suppliers, applications and security tools, from a technical and security architecture perspective, and translates the risk characteristics of these activities and functions into enterprise risk terms.
Job description
Plan and design security architectures to support the delivery of NS&I’s Business goals:
- Design and develop NS&I’s security architecture, enabling NS&I and service providers to implement solutions and capabilities in accordance with NS&I security policy.
- Develop security architecture strategies and roadmaps.
- Develop and maintain security architecture artefacts (e.g. principles, models, templates and standards) to be used to leverage security capabilities in projects and operations.
- Support the review and approval of designs at appropriate design authorities from a security perspective.
- Review technologies, tools and services, and make recommendations to the design authority for their implementation, based on security and operational metrics.
- Liaise with other security practitioners to share best practices and insights.
- Contribute to Enterprise Architecture development and implementation.
- Track developments and changes in the business and external environments to ensure that they are addressed in security architecture artefacts.
- Validate IT infrastructure and other reference architectures against security best practices and recommend changes, where applicable.
Engage with subject matter experts across NS&I and its delivery partners to deliver secure systems and operations:
- Liaise with delivery partner architects to ensure the most appropriate, lowest impact security solution designs are selected (e.g. in terms of cost, complexity or feasibility).
- Evaluate supplier designs to ensure they align with NS&I’s design standards and target architecture from a security perspective.
- Work with the internal Security team and wider Risk Directorate to ensure that security risks identified in designs are within the organisational risk appetite, and that the NS&I Corporate Risk Management Framework is followed.
Assure conformance with appropriate standards, principles and governance:
- Validate that the design of solutions allows for appropriate security controls to be included, can meet the risk appetite of the organisation, and is aligned to best practice.
- Coordinate with the Data Architect to document sensitive data flows in the organisation (e.g. PII (Personally Identifiable Information)) and recommend controls to ensure that this data is appropriately protected (e.g. encryption and tokenisation).
- Support project deliveries in making sure that any changes to the security architecture are understood holistically, and the changes being implemented follow the architectural principles and align with the business strategies.
- Assess solutions against NS&I Security Architecture Principles.
- Support Design Change Governance and Assessment of Change Materiality.
- Identify, define and manage relevant architectural waivers and risks.
- Contribute to the definition of risk mitigation plans, where appropriate.
Relationships
Listed below are the jobs and areas with which the post interacts.
Internal
Information Technology
EA and Change Delivery
SIAM
Business Delivery Directorate & Operations
Risk Directorate
Supplier Management
SOC Manager and SOC staff
External
3rd Party delivery teams and service providers
Person specification
Essential experience:
- (Lead Criteria) Experience of working in complex outsourced environments using a wide range of technology, combined with public sector constraints around solution options and governance requirements
- Significant experience of defining security architecture and governance principles in an organisation, and the assurance processes to monitor compliance.
- Considerable experience of IT system delivery projects (following both agile and waterfall methodologies) and implementing security within those deliveries.
Essential technical knowledge and skills:
- Significant experience of supporting the implementation of secure public cloud and SaaS solutions in large, complex organisations.
- Strong working knowledge of implementing security infrastructure.
- Strong working knowledge of vulnerability management tools.
Desirable qualifications, experience and technical knowledge / skills:
- Degree in computer science, information systems, cybersecurity or a related field.
- Experience in using architecture methodologies such as TOGAF and preferably TOGAF certified.
Knowledge of:
- NIST Cybersecurity Framework (CSF);
- NCSC guidance and best practice;
- General Data Protection Regulation (GDPR) and the Data Protection Act (DPA);
Technical skills
We'll assess you against these technical skills during the selection process:
- Successful candidates at sift will be assessed on their knowledge of the data processes outlined within the essential criteria.
- Presentation