Overview
We are seeking a proactive and detail-oriented Security Architect to support the implementation of Secure by Design (SBD) principles within an IT consultancy framework. This role will involve collaboration with technical teams, stakeholders, and assurance functions to embed security across the development lifecycle, ensuring high standards of cyber resilience. The Security Architect will have a pivotal role in managing security assurance activities and promoting a culture of security awareness across delivery teams.
Responsibilities
- Coordinate and support the implementation of Secure by Design practices across various projects and programmes.
- Act as a central point of contact for security assurance, liaising between technical teams, architects, and governance functions.
- Track and manage security risks, issues, and mitigation plans throughout the delivery lifecycle.
- Ensure security requirements are captured and integrated into all design and delivery documentation.
- Support threat modelling and risk assessments, and conduct security reviews.
- Maintain assurance artefacts including design documentation, risk registers, and compliance checklists.
- Facilitate security sign-off processes, ensuring compliance with internal policies and external standards.
- Promote a culture of security awareness and continuous improvement among all delivery teams.
Requirements
- Strong understanding of Secure by Design principles and cyber security best practices.
- Experience in a security architecture, risk, or assurance team environment.
- Excellent organizational and coordination skills for managing multiple work streams.
- Familiarity with Computer Assisted Audit Techniques (CAAT).
- Knowledge of risk management frameworks and security governance processes.
- Strong communication skills and stakeholder engagement abilities.
- Capability to interpret technical documentation and translate security requirements into actionable tasks.
- Experience with threat modelling tools and a good understanding of cloud security (AWS, Azure, GCP) are desirable.