Website Royal Mail
The Cyber Security Architect is responsible for contributing to the security of RMG technology and information systems as it develops, procures, and uses technology and supporting processes in a pragmatically secure way within business risk appetite and RMG budget tolerances. The role supports the Head of Advisory and Architecture Lead as a key senior broker between all technology teams in Group Technology, and the businesses they support, and the Security Operations and Cyber Risk Management teams.
The role holder needs to have the ability to apply complex technological issues to the business context and ensure that the business gets what it needs to succeed without exposing RMG to unacceptable risk or threats. This is not a role for a purist, the role holder needs to pragmatically balance competing agendas and tensions to deliver acceptable security not perfect security
- Threat and risk modelling. The role holder will perform threat modelling and security impact assessments to support development of security architecture blueprints and specify risk-based high level and detailed security requirements.
- Security Architectural Alignment. The role holder will ensure compliance with RMG Security Architecture for applicable Solution Architectures by supporting and guiding projects throughout development and understand and use the methodologies required to effectively deliver the Security Architecture across RMG.
- Ability to innovate. This role requires creative thinking to make a significant contribution to the development of security architecture and patterns which leverage vendor, opensource and RMG developed technology applications and infrastructure. This includes tracking emerging technologies & standards, pilot, and adopt as appropriate in agreement with the business security related technological innovation. This needs to be done in sympathy with agreed budgets and timelines.
- Strategic Focus . Provide subject-matter expertise and leadership to the delivery of projects in support of RMG’s Cybersecurity strategy and ensure that risks are being managed in line with the Board’s Risk appetite. This includes supporting and contributing to the development and deployment of strategic security architecture blueprints and technical security standards across RMG and to Business Partners and Service Delivery
- Stakeholder management . Able to engage and influencemid and senior stakeholders across Technology and business units with the ability to explain complex issues in simple language, and to stimulate second and third order thinking (i.e. what does this information mean to us as a business and therefore our risk picture vs our appetite?)
- Effective Security Advice . The role holder will ensure that RMG’s change and BAU renewal programmes receive timely, accurate and pragmatic security advice that position security as a business enabler not a compliance function. This includes supporting the Architecture Concurrence Process to make appropriate provisions for embedding security architecture principles.
- Likely to be educated to degree level with a broad knowledge of Technology and cyber security
- Recognized security architecture related qualifications e.g. SABSA, TOGAF, CISSP-ISSAP, CCSP
- Any relevant Security Operations certifications e.g. CISM, CRISC, SANS, CompTIA, GIAC, CEH, OSCP.
- ITIL or related qualifications a bonus.
- Expert knowledge of Cybersecurity architectural practices.
- Expert knowledge and understanding of Cybersecurity architectural principals and methodologies.
- Experienced in security practices across multiple technologies with proven expertise in security architecture
- Ability to work at senior technology level and ensure that tactical activity supports the strategic picture.
- Commercial experience from product selection and contract negotiation through to vendor relationship and service management.
- Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia.
- The will to succeed in support of the business’ goals and to align potentially competing agendas to effectively manage Cybersecurity risk within the business risk appetite.
Company: Royal Mail
Vacancy Type: Full Time
Job Location: London, England, UK
Application Deadline: N/A