Information Security Architect

Company	Bridge Of HopeSee more
Address	Swindon, Staffordshire
Salary	Fixed term contract
Category	Construction & Property

Job description

Job Description

We are AMS. We are a global total workforce solutions firm; we enable organisations to thrive in an age of constant change by building, re-shaping, and optimising workforces. Our Contingent Workforce Solutions (CWS) service partner with Zurich to support contingent recruitment hiring. On behalf of Zurich, AMS are looking for a Information Security Architect for a 6 Month contract based in Swindon (1 day in office).

At Zurich we believe in creating a brighter future for our customers, partners, our people and the planet by providing products and services which have a positive impact on peoples lives. We want to be one of the most responsible businesses in the world.

In the UK, Zurich provide a suite of general insurance products covering business, casualty, motor, property and travel insurance, life insurance and pensions products to individuals and corporate customers. We employ over 4,500 people in the UK and are based across a number of locations with our head office being in Swindon.

Purpose of the Role:

The Information Security Architect is responsible for designing and implementing robust Security Architectures and solutions to safeguard an organization's information assets. This role involves collaborating with various stakeholders to understand business objectives, identify security requirements, and develop strategies to mitigate risks effectively. The Information Security Architect plays a critical role in ensuring the confidentiality, integrity, and availability of sensitive information, as well as compliance with relevant security standards and regulations.

Responsibilities of the role:

As a Information Security Architect you will be responsible for:

Security Architecture Design: Develop comprehensive Security Architectures that align with business goals and regulatory requirements. Design solutions to protect networks, systems, applications, and data from internal and external threats. Evaluate emerging technologies and recommend security enhancements to strengthen the overall security posture.
Security Framework Implementation: Implement industry-standard security frameworks such as NIST Cybersecurity Framework, ISO/IEC 27001, CIS Controls, or others based on organizational needs. Define security controls, policies, and procedures to address specific security objectives. Establish metrics and KPIs to measure the effectiveness of security controls.
Governance and Compliance: Establish security governance processes to ensure adherence to security policies, standards, and regulatory requirements. Conduct regular security assessments, audits, and risk assessments to identify vulnerabilities and compliance gaps. Develop remediation plans and oversee their implementation to mitigate identified risks.
Security Awareness and Training: Develop and deliver security awareness programs to educate employees on security best practices, policies, and procedures. Foster a culture of security awareness and accountability throughout the organization. Provide training sessions and resources to empower employees to recognize and respond to security threats effectively.
Incident Response and Management: Develop incident response plans and procedures to address security incidents promptly and effectively. Lead incident response teams in investigating security breaches, determining root causes, and implementing corrective actions. Coordinate with internal stakeholders and external partners to contain and mitigate the impact of security incidents.
Collaboration and Communication: Collaborate with cross-functional teams including IT, legal, compliance, and business units to integrate security requirements into business processes and projects. Communicate security risks, issues, and recommendations to executive leadership and relevant stakeholders in a clear and concise manner. Serve as a subject matter expert on security matters and provide guidance on security-related decisions.

What we require from the candidate:

Professional certifications such as CISSP, CCSP, CCNP Security, or equivalent are highly desirable.
Extensive experience in designing, implementing, and managing infrastructure security solutions in complex IT environments.
Strong understanding of network security principles, including firewalls, intrusion detection/prevention systems, VPNs, and secure network architecture.
Proficiency in cloud security concepts and technologies, including identity and access management, encryption, and secure configuration management (e.g., AWS IAM, Azure AD, Google Cloud IAM).
Knowledge of security best practices and standards such as NIST, CIS Controls, ISO/IEC 27001, and GDPR.
Experience with security governance, risk management, and compliance frameworks relevant to infrastructure security (e.g., SOC 2, PCI DSS, HIPAA).
Demonstrated ability to assess infrastructure security risks, develop mitigation strategies, and implement security controls effectively.
Excellent analytical and problem-solving skills, with the ability to troubleshoot complex security issues and recommend solutions.
Effective communication and interpersonal skills, with the ability to collaborate with cross-functional teams and communicate technical concepts to non-technical stakeholders.
Experience with security incident response and management processes, including incident detection, analysis, containment, eradication, and recovery.
Proven track record of leading and managing infrastructure security projects from conception to completion, including project planning, resource allocation, and stakeholder management.

Next steps

This client will only accept workers operating via an Umbrella or PAYE engagement model.

If you are interested in applying for this position and meet the criteria outlined above, please click the link to apply and we will contact you with an update in due course.

At Zurich, we are proud of our culture. We are passionate about Diversity and Inclusion. We want you to bring your whole self to work we have a diverse mix of customers and we want our employee base to reflect that. Our diversity and inclusion initiatives are creating an environment where everyone feels welcome regardless of protected characteristics.

With the above in mind, we accept applications from everyone regardless of your background, beliefs or culture however we especially welcome applications from women, people from ethnic minorities, people with a disability and people who are LGBT+ as these groups are currently under-represented in our organisation.

AMS, a Recruitment Process Outsourcing Company, may in the delivery of some of its services be deemed to operate as an Employment Agency or an Employment Business.

Refer code: 3042991. Bridge Of Hope - The previous day - 2024-03-22 09:36