Security Architect

Job reference number 119777 Security Architect Full time Permanent Royal Mail Farringdon Job Purpose The Cyber Security Architect is responsible for contributing to the security of RMG technology and information systems as it develops, procures, and uses technology and supporting processes in a pragmatically secure way within business risk appetite and RMG budget tolerances. The role supports the Head of Advisory and Architecture Lead as a key senior broker between all technology teams in Group Technology, and the businesses they support, and the Security Operations and Cyber Risk Management teams. The role holder needs to have the ability to apply complex technological issues to the business context and ensure that the business gets what it needs to succeed without exposing RMG to unacceptable risk or threats. This is not a role for a purist, the role holder needs to pragmatically balance competing agendas and tensions to deliver acceptable security not perfect security Key Accountabilities Strategic Focus . Provide subject-matter expertise and leadership to the delivery of projects in support of RMG’s Cybersecurity strategy and ensure that risks are being managed in line with the Board’s Risk appetite. This includes supporting and contributing to the development and deployment of strategic security architecture blueprints and technical security standards across RMG and to Business Partners and Service Delivery Stakeholder management . Able to engage and influence mid and senior stakeholders across Technology and business units with the ability to explain complex issues in simple language, and to stimulate second and third order thinking (i.e. what does this information mean to us as a business and therefore our risk picture vs our appetite?) Effective Security Advice . The role holder will ensure that RMG’s change and BAU renewal programmes receive timely, accurate and pragmatic security advice that position security as a business enabler not a compliance function. This includes supporting the Architecture Concurrence Process to make appropriate provisions for embedding security architecture principles. Pragmatic Security Architecture. The role holder will support, and as directed, lead the integration of security considerations into the fabric of RMG’s software development and adoption, and its infrastructure and platform adoption. This requires a business and technology horizon which spans significant parts of RMG and involves significant stakeholder engagement where technological credibility combined with clear communication is vital. Threat and risk modelling. The role holder will perform threat modelling and security impact assessments to support development of security architecture blueprints and specify risk-based high level and detailed security requirements. Security Architectural Alignment. The role holder will ensure compliance with RMG Security Architecture for applicable Solution Architectures by supporting and guiding projects throughout development and understand and use the methodologies required to effectively deliver the Security Architecture across RMG. Ability to innovate. This role requires creative thinking to make a significant contribution to the development of security architecture and patterns which leverage vendor, opensource and RMG developed technology applications and infrastructure. This includes tracking emerging technologies & standards, pilot, and adopt as appropriate in agreement with the business security related technological innovation. This needs to be done in sympathy with agreed budgets and timelines. Commercial awareness. The role holder must use their professional curiosity to understand RMG’s revenue generating business lines, their supporting functions and how technology enables these, to deliver appropriate security in support of their business goals. Continuous Improvement. The role holder will contribute measuring and improving the maturity and effectiveness of RMG Security Architecture and alignment with security architecture best practices. This includes participating in the development of security technologies and processes and supporting efforts to improve the maturity of RMG Security Controls through continuous collaboration with suppliers and other RMG business areas (e.g. Security Operations, Infrastructure and Service Introduction). Key dimensions Influencing Skills and judgement . Strong influencing and negotiating skills to build trust and confidence at all levels in the Group and using judgement to make risk-based recommendations and decisions within parameters. Analytical Skills . Strong analytical skills and the ability to see the big picture and apply the relevant detail to it. Ability to cut through the noise and provide clear and appropriate recommendations and direction. Communications Skills . Demonstrable ability to clearly represent Cyber Risks within the business in both verbal, written, and presentational form. Clear ability to innovate and tailor messaging and delivery methods for different audiences. Commercial empathy . Able to understand the business and empathise with Technology and Cybersecurity leadership so that security measures are reinforcing business aims and user experience, not running counter to them. The role holder must be able to influence project teams to ensure security architecture compliance is met and to do this without going native as they will be required to overcome inertia and resistance to change. Technical expertise . The role holder must be credible in terms of technical knowledge with expert knowledge of Security Architecture across all domains with a strong focus on Server, Desktop, Network, Storage, O/S, Database, Virtualisation and Cloud. Key competencies: Expert knowledge of Cybersecurity architectural practices. Expert knowledge and understanding of Cybersecurity architectural principals and methodologies. Experienced in security practices across multiple technologies with proven expertise in security architecture Ability to work at senior technology level and ensure that tactical activity supports the strategic picture. Commercial experience from product selection and contract negotiation through to vendor relationship and service management. Agility of thought and comfort with complexity, together with the patience and resilience to overcome change inertia. The will to suc