London, United Kingdom
North Starr have an unrivaled opportunity for a strong Information Security Engineer/Analyst who wants to move into an architecture role. You will be working for a global retail giant, within their rapidly expanding e-commerce function.
Key accountabilities will include:
- Defining the IT Security Architecture vision, strategy & roadmap, aligned with the overall technology posture, PCI and GDPR Data Protection compliance and Business Strategies.
- Support the Domain Architects in developing and implementing their strategy and roadmaps from a security perspective.
- Develop and collaborate with the Risk Team on the Application and Platform Risk Management strategy, assisting the IT Management team in gaining an accurate understanding of technical security risks and controls, enabling each area within Technology to be clear on their obligations from a Payment and Data Protection perspective.
- Work with the Data Architect and the internal audit team to identify data classifications to ensure that risk analysis can be completed effectively.
- Provide strategic support in leading the Security Guild.
- Identify industry, technology and compliance trends across the key corporate systems to determine their potential impact on the client, with a view to proactively identifying future technology solutions or opportunities appropriate for the organisation.
- Provide security insight, expertise, direction, and assistance to solution and domain architects to ensure solutions are the best fit for the business, have completed risk analysis and have an agreed set of controls identified.
- Take an active role in disseminating security principles and standards, working closely with Enterprise Architects and the larger Delivery community to cultivate and promote knowledge of security and privacy best practices.
- Direct Solution Architects in the production of an architecture that is consistent with the overall security strategy.
- Represent security when engaging with Brands and the Business alike to raise awareness of the company’s security strategy.
- Provide a deep knowledge of security and compliance, and act as an informed “challenger” to ensure proposed solutions have been considered correctly.
Potential candidates would be expected to have:
- Excellent knowledge of PCI and PSD2
- Familiarity with the OWASP Top 10
- Experience of working with QSAs and other Security SMEs
- Experience in the application of security standards such as ISO 27001, ISO 27017, ISO 27018 or equivalent
- Strong experience of architecture frameworks and solution design methodologies
- Understanding of cloud delivery and deployment models, and up-to-date knowledge of evolving technologies within the organization and across the cloud industry
- Retail/e-commerce experience highly desirable
Possession of CISSP, CISM or CISA is preferable but not mandatory