It Security Architect

IT Security Architect - Hybrid, Edinburgh

Up to £90,000 + benefits (bonus etc)

Head Resourcing are working with a Fintech company who are looking for an experienced IT Security Architect to join the team. In the role you will be working on and maintaining a range of services across the company. With a 30+ year history they are at the forefront of technology and offer great development opportunities.

As a Security Architect you will play an integral part in creating and designing security for the company systems and services, maintaining security documentation and developing architecture patterns and security approaches to new technologies.

Your role will be at the heart of safeguarding our customer data and contributing to the company reputation for trust and innovation within the Fintech space.

Responsibilities:

• Recommend security controls and identify solutions that support company business objectives.
• Provide specialist security advice and recommend approaches across teams and various stakeholders.
• Advise on important security-related technologies and assess the risk associated with proposed changes.
• Inspire and influence others, from all parts of the business, to execute good security practice.
• Possess excellent teamwork skills and provide subject matter guidance and support to colleagues in the Information Security Team.
• Conduct security reviews (Internal audit) of company owned systems and controls.
• Help the business to make informed decisions on risk and be able to document and explain clearly why decisions were made.
• Collaborate with company developers, architects, business analysts and infrastructure support, in the design of innovative Security Architectures for complex systems.
• Have a comprehensive knowledge of Security Architecture, including best practices, and a good understanding of regulatory requirements.
• Be able to communicate complex security concepts to stakeholders of varying levels of technical understanding.
• Collaborate with IT, Operations and business stakeholders to integrate security considerations into the project lifecycle.
• Evaluate and recommend new security tools and technologies to enhance the organisations security posture.

Skills/Experience:

• Previous experience working in a similar technical Security Architect role.
• Strong understanding of technical architecture and security aspects of infrastructure, application, web, and cloud technologies (AWS in particular).
• Experience of creating and implementing security standards and security policies.
• Technical knowledge around core security areas such as malware, firewalling, access control, networking, security in the cloud etc.
• Knowledge of relevant legislation and regulatory compliance, such as UK GDPR.
• Comprehensive understanding of security frameworks such as ISO 27001/2, Cyber Essentials Scheme, CIS framework, NIST.
• Strong people skills with experience of working with internal and external stakeholders.
• Technical security or security management qualifications are preferred e.g. CISSP, CCSP, CISA or CCS - Pro.

Previous experience with one or more of the following may also prove beneficial:

• Cryptography - Certificate hierarchies.
• Open banking - CIBA/FAPI (back channel authentication).
• IAM, MFS, SSO.
• ForgeRock.
• Message and authentication/authorisation protocols and standards including OAuth, OIDC, UMA, JWTS, WS-Fed, mTLS, SAML token binding (RFC8705) etc.