Information Security Architect
Clifford Chance
- London, England, United Kingdom
- London, England, United Kingdom
About
Our firm, work and people span jurisdictions, cultures, and languages. We offer our clients a truly international perspective. We believe every career should be rewarding and stimulating - full of opportunities to learn, thrive, and grow. That’s why we’re so proud of our inclusive, friendly, and team-based approach to work.
You’ll find our clients in commercial and industrial sectors, the financial investor community, governments, regulators, trade bodies, and not-for-profit organisations. But no matter who they are or why they’ve reached out to us, we provide a world-class service every step of the way. And that’s possible thanks to the entrepreneurial spirit and conscientious approach to work that you’ll find across all of our teams.
Whichever area of the business you join, you’ll become an integral part an innovative, diverse and ambitious team of people. Clifford Chance is a place where the brightest minds and the best of colleagues meet.
The role
Working as part of the wider Security Architecture, Engineering and Resilience team, the Information Security Architect is the responsible authority with the requisite knowledge to work across a wide variety of portfolios providing Information & Cyber Security domain expertise and skills to help provide strategic technical direction that can optimise enterprise outcomes.
This role focuses on the implementation of Information and Cyber Security across multiple portfolios within CC IT space.
It is a key role in delivering Information & Cyber Security transformation and helping to ensure that the end vision is being delivered in a secure and resilient way while focusing on the overall experience to the users.
The Information Security Architect will collaborate on the production of the domain architectural runway built to support future, current and near-term business security and resiliency needs.
The Information Security Architect will also lead the firms IoT Security platform in line with its SmartBuilding and aligned activities. It will also maintain the assurance posture for IoT and OT devices making sure that Cyber response and monitoring is achieved with the desired visibility and that the IoT and OT devices are secured according to risk.
The Information Security Architect will be responsible for architecture security patterns and approaches for firm systems and data deploying best practice by default.
The Information Security Architect will be the first point of all for all matters of technical guidance around security to other subject matter experts in the business.
At portfolio level, the Information Security Architect provides guidance relating to information and cyber security with regards to business changes, changes in underlying technologies, emerging standards, competitive changes and other factors, which may drive the business in directions that are outside the purview of agile portfolios.
The Information Security Architect will be a gatekeeper of Information Security within the CC Architecture Community of Practice and make sure that all platforms are appropriately designed to mitigate information risk and are secured as appropriate and tested as required.
Information Security architect will work with the Cloud Security Architect to build on the Cloud Centre of Excellence within the firm making sure that all activities are visible and secure.
Information Security Architect will represent the security function at governance and control activities within the wider IT and firms aligned functions.
Key Responsibilities
Maintain a high-level holistic vision of Information Security within enterprise solutions and development initiatives.
Build, contribute and maintain Information Security input to domain level roadmaps by demonstrating how they deliver the firm's core business capabilities in a secure manner and align to longer term strategic security and business roadmaps.
Architect, Design, Build and Run Security services for the wider IT function including IoT, OT and IT (on prem and cloud)
Understand and communicate strategic Information Security themes and other key business drivers for architecture to solution architects and non-technical stakeholders.
Contribute an Information and Cyber Security perspective to wider architectural initiatives in the portfolio where applicable.
Attend and participate in Data Governance Board project proposal reviews for use of data to ensure appropriate security and data use.
Influence Information & Cyber Security best practices with regards to common modelling, design and coding practices, working closely with our application development teams and technical leads to ensure security across the portfolio.
Collect, generate and analyse innovative ideas and technologies that are applicable to the enterprise in this domain.
Address Information Security innovation as part of the future of architecture.
Synchronise the following across solutions whenever applicable:
System, data security and quality; Production infrastructure; Solution User experience governance; Scalability, performance and other non-functional requirements.
Participate in Release Planning activities from an Information Security Perspective.
Work with aligned IT functions to assess security architectural requirements and engagement to fit demand
Keep in touch with the reality of the day-to-day Information Security architecture work, listening to the feedback and issues raised by the domain teams to consider and reflect in the roadmaps.
Qualifications
Ideally, an Information Security professional with both technical design and engineering expertise in a range of technologies as well as comprehensive knowledge set of Information & Cyber Security frameworks and principles.
Fully conversant with the Microsoft suite of tools (E5, DFC, Sentinel, Entra, Defender for IoT)
Should have exposure to Endpoint, Data Protection, Threat Intelligence and Application Security technologies
Experience in creating architecture design documents, including HLDs and LLDs
Exposure to data privacy standards and implementations
Extensive senior stakeholder management skills.
Able to work on multiple projects simultaneously and manage their time effectively
Ability to work collaboratively with IT teams, legal professionals, and other stakeholders to ensure security measures align with business objectives.
Excellent communicator with strong, analytical and problem-solving skills to address security challenges effectively.
Knowledge of architecture frameworks and methods such as The Open Group Architecture Framework (TOGAF) and the ability to develop and maintain personal architectural knowledge, skills and abilities.
Experience
At least 10 years IT experience, five years in a senior engineering role or security architecture role at a global organisation.
Knowledge of Information Security & Cyber Security domains; experience as an architect and understanding of architecture frameworks and Information & Cyber Security frameworks (NIST, Cyber Essentials, ISO27001).
Previous experience in a global professional service environment or corporate organisation (legal/finance/banking) is desirable.
Solid understanding of TOGAF, SABSA, BSIMM, NIST, ISO 27001.
Secure development principles for multiple delivery methods (Agile, Waterfall).
Experience in IT risk management and threat management.
Ability to champion Information Security Architecture principles at an enterprise level.
Experience with project/delivery tools (Prince2, PMP, Lean & Agile tools such as Jira).
Experience developing IT roadmaps for business or technology areas.
Experience with multiple technologies and processing environments and ability to adapt security architecture plans to changing environments.
Ability to build information and system resilience into architectures to meet business requirements.
Written and Verbal Communications
Highly developed written and verbal communication skills, capable of producing global and sensitive communications to a varied audience at all levels.
Excellent verbal and interpersonal communication skills; customer-facing experience is a plus.
Qualifications
The ideal candidate will be CISSP or qualified, preferably with CISM.
Client Focus We are looking for people who are client-focused: who demonstrate interest in clients’ priorities, are self-starters yet team players, listen and deliver, are reliable and responsive, and uphold high ethical standards.
We are looking for people motivated by client satisfaction and who strive to exceed expectations.
Additional Information
Hybrid Working: Balanced hybrid approach; expect to work from the office at least 50% of the time.
Equal Opportunities: Clifford Chance is committed to fair and equal treatment of all employees and applicants across gender, race, disability, and other protected characteristics. We provide networks and initiatives to support inclusion.
For more information on benefits and our working environment, see our career site.
#J-18808-Ljbffr
Languages
- English
Notice for Users
This job comes from a TieTalent partner platform. Click "Apply Now" to submit your application directly on their site.