JOB TITLE: Information Security Architect
REPORT TO: Principal Architect
DEPARTMENT: Enterprise
LOCATION: London/Newcastle
TERM: Permanent
SALARY: £95,000 + Benefits

Purpose of the Job

Our Client is going through a period of significant technology, process transformation and change. To ensure we minimise risk and secure our estate there is a need to enhance our Architecture practice with an Information Security Architect. The Architecture function within Go-Ahead is responsible for architectural governance, ensuring technological alignment to strategic goals and minimising risk during periods of change.

As the Information Security Architect, you will be responsible for ensuring a “Secure by Design” approach is embedded within our services and infrastructure whilst also leading the development and support of our Information Security Strategy and Roadmap.

You will contribute to the evolution of our IT strategy through your insights into market leading technologies and providers and how they complement and enhance our capabilities.
This is an exciting time to join a growing team and an opportunity to lead the way in which we evolve the Architecture team.

Principal Accountabilities

Strategic Design and Implementation
Design comprehensive architecture solutions that integrate seamlessly into all aspects of IT services, ensuring a “Secure by Design” approach is embedded in the development of our services and infrastructure.

Security Architecture Leadership
Lead the development and support of our Information Security Strategy and Roadmap, focusing on critical areas such as Security Operations Technology stacks, including SOC, SIEM, and EDR systems.

Cloud and Application Security
Enhance the security frameworks of our cloud-based services (SaaS, PaaS, IaaS) and Microsoft Office 365 applications (Exchange, SharePoint, Teams) through advanced security measures and identity access management (IAM).

Regulatory Compliance and Operational Security
Exhibit demonstrable expertise in implementing operational security controls and ensuring compliance with various regulatory standards (ISO27001, NIST, COBIT, CIS).

Governance, Risk, and Compliance (GRC)
Take a leading role in GRC activities that support the organisation’s business growth and operational plans.

Architectural Governance
Participate and contribute to governance processes across architectures to ensure compliance with information security architectural and design standards.

Expert Guidance
Keep abreast of information security developments and provide technical leadership and guidance where required to the Information Security Operations team.

Person Specification
Attribute | Essential | Desirable

Education & Qualifications
A strong Computing or Science Degree is required.
Appropriate Industry certifications (CISSP)
Knowledge of Architectural frameworks
CISM Certification
Certificate of Cloud Security Knowledge (CCSK)
Certified Cloud Security Professional (CCSP)

Specialist Knowledge & Skills
Expert knowledge of securing modern platforms and networks
Lead and direct security initiatives with an enterprise impact, using a defined methodology, whilst maintaining views of risks and opportunity.
SABSA Certification
Knowledge of the TOGAF ADM model
ArchiMate Notation to describe Strategy through to technology layers

Relevant Experience
Proven experience in designing and leading the implementation of comprehensive security architecture solutions.
Experience of developing and architecting solutions for identity and access management within modern frameworks such as Entra AD
Expert knowledge in securing both cloud services and enterprise applications.
Experience in implementing operational security controls and ensuring / demonstrating compliance with regulatory standards
Strong leadership skills in managing GRC activities and contributing to strategic roadmaps.
Design and/or Architectural Governance enforcement

Interpersonal & Communication Skills
Excellent communication skills, with the ability to develop detailed user stories and requirements
Strong client-facing and business analysis skills, capable of working closely with stakeholders to meet business needs.
Ability to lead and articulate vision and strategy to C-Suite for investment
Comfortable working within a team empowered to make autonomous decisions within a security design framework

Beliefs and attitudes
Collaborative and Accountable
Having a can-do attitude
Customer-focused

Additional Requirements
Willingness to travel to visit Go-Ahead Group operating companies as appropriate.
Travel between London and Newcastle offices in establishing strong ties between the InfoSec Ops and Architecture teams