Security Architect (Technology & Digital Change)

Job Description

The NNL are an innovative nuclear organisation, with an ambitious roadmap for using technology to help our business deliver better outcomes. The Security Architect exists within the Technology & Digital Change, Cyber Security and Information assurance.The NNL operate a hybrid infrastructure and continue to lead the way maximising the use of cloud technology in the nuclear industry. As a member of the Technology and Digital Change team, the security architect has a critical role to ensure the securityof all NNL assets and infrastructure.KEY REQUIREMENTSThe main requirements of this role are:-

• Maintain an overall perspective on Technology and security issues, events and activities, with an understanding of their wider implications and long term impact. This could include determining patterns, standards, policies, roadmaps and vision statementsfocusing on outcomes, solutions and activities
• Document or derive business, security, and or technical requirements
• Design innovative solutions in accordance with our architecture principles
• Apply secure by design principles
• Be proactive and continually improve the performance and the security of our technology estate
• Create proof of concepts and undertake solution assessments / fit gap analysis
• Produce HLDs, LLDs Target State Architectures, Roadmaps, Blueprints, Build Books, Test Plans
• Build and implement small to medium scale solutions and or take the lead for large scale solutions
• Ensure deployed solutions are aligned to functional and non functional requirements and provide technical sign off for service transition
• Analyse buy over build position considering financial and operational considerations
• Work with 3rd Party suppliers to resolve issues (i.e SOC or NOC)

The successful security architect will need to be:-

• SC Ceared (Security Clearance)
• Highly competent in designing secure system architectures through the application of patterns and principles, to meet user needs whilst managing risks
• Experienced in turning business problems into technical designs by designing systems characterised by managed levels of risk, business, and technical complexity and meaningful impact
• Demonstrable knowledge and understanding how governance works, what governance is required and taking responsibility for the assurance of parts of a service knowing what risks need to be managed
• Practical understanding of architecture methodology (e.g TOGAF)
• Maintain knowledge of current and future digital trends and be able to demonstrate successful application to solve real world business problems
• A demonstrable track record working in a similar role
• Have a strong conceptual and practical understanding of the Microsoft Cloud, Office 365 platform and business productivity tools including fir example Power Platform
• Applying security concepts to a technical level, working with security tools, network security, infrastructure technologies, and information Security Management frameworks (e.g ISO 21001, Co BIT and SOX)
• Understanding and applying industry standards including for example NCSC information security guidance and architecture patterns
• Interpreting information and guidance from our SOC and converting these into actionable instructions to our infrastructure and operations teams
• Proficient in evaluating the security of applications and architectures using both manual and automated techniques (e.g code security scanners, web vulnerability scanners, and assessment support tools) to identify security issues.

It is desirable for the successful Security Architect to have an:-

• Experience in scoping and working with 3rd party penetration testers for an accredited or regulated environment
• Understanding of security architecture methodology (e.g SABSA)
• CISA, CISSP, CISM or CIA quaification
• CRSTA

Keyskills :
Network SecurityCISMCISSPInformation SecuritySecurity Management