Experis has a new 12-month contract opportunity for a Senior Security Architect with strong experience within the banking sector. The successful candidate will have banking experience and Google Cloud Platform experience, with knowledge of one or more of the following: FFIEC, OFCC, SEC and Federal Reserve, plus SOX, GLBA and PCI.
Title: Senior Security Architect (Banking)
Length: 12 months
Rate: £550 - £600 (via Umbrella, Inside IR35)
Establish, support and continuously improve the enterprise information security policies, practices and standards on Google Cloud Platform. Participate in or lead ongoing GCP migration activities that serve to establish appropriate access to, and provide the appropriate protection, confidentiality, integrity and availability of, enterprise systems and data through effective security controls. Validate compliance with policies and standards that keep Customer applications and infrastructure on GCP safe and secure from vulnerabilities. Work directly with scrum teams to install, configure, maintain and troubleshoot systems/procedures to solve complex problems, balancing business needs against potential risks. Ensure the safety of information system assets, protecting them from intentional or inadvertent access, modification or destruction.
- Provide timely and effective operational support for the firm's information security tools, processes and practices. Partner with other support teams and vendors to resolve problems or implement new products or services. Use standard technology monitoring tools to monitor assigned environments and/or technical assets and identify/detect behaviour outside of established standards. Escalate key security issues to the appropriate team to be addressed. Assist with security assurance testing activities.
- Monitor compliance with information security policies and practices and any applicable EU/USA or other countries' laws. Assist with internal and external security risk assessments, risk analysis and application or system-level vulnerability testing and reviews. Participate in the assessment of compliance with security regulations such as PCI, etc. Conduct regular, comprehensive application security health checks and ensure strategy addresses identified issues/needs. Collaborate with stakeholders to determine current and future level of enterprise investment required to sustain compliant and robust security standards. Provide cost, feasibility and risk analysis to support and gain initiative approval. Monitor and document vendor compliance with Customer security requirements.
- Assist with the research, development, continuous improvement and implementation of security policies, procedures, standards and processes based on compliance requirements and industry best practices. Document the Customer information security requirements, processes and procedures. Enforce information security policies and procedures by reviewing security violation reports, investigating possible security exceptions and documenting security controls.
- Prepare status reports on information security matters that are used for a variety of purposes - tracking and monitoring security breaches, forensic investigative activities, remediation plan management and risk management & compliance reporting. Effectively manage and prioritize ad-hoc reporting requests, scorecards and standard Job Family/Functional reporting. Coordinate with internal team and external auditors to provide documentation of compliance assessments, support and remediation activities.
- Review, analyse and respond to security events triggered through automated security monitoring systems. Validate and track security breaches, along with threats to the firm's logical information, while still allowing for appropriate access. Coordinate responses to information security incidents. Work to reduce information security risks by effectively administering the information security processes across the vulnerability scanning, anomaly detection, intrusion detection, security policy and forensic functions.
- Maintain and develop knowledge of regulatory security trends, new security technologies and best practices. Conduct security and industry specific research to keep self and the firm abreast of the latest security issues and regulatory developments that may impact existing policies, procedures and practices. Participate in information security education, training and awareness activities for technology and business teams.
- Actively champion and contribute to the continuous improvement of the Information Security Management (ISM) area. Apply best practices using innovative ideas to increase awareness and effectiveness of the Security Management organization. Proactively identify opportunities to expand and enhance knowledge of ISM area. Act as a Subject Matter Expert (SME) for security issues. Represent the organization in industry and standards groups related to security.
- Build rapport, credibility and cohesion across all business, operational and technology teams. Maintain strong knowledge and understanding of business needs, evidenced by the ability to establish and maintain a high level of trust and confidence. Support the development of the Information Security strategy by forming relationships with businesses and technology areas to understand their associated risks and issues in order to influence security decision-making.
- Collaborate with stakeholders to determine the current and future level of enterprise investment required to sustain compliant and robust security standards. Measure impact through budget management and forecasting. Track, analyse and leverage control and release management vulnerability data.
- 7+ years' experience
- Google Cloud Architect
- CISSP / CISA / CISM / CRISC or equivalent
- Experience linking legal and regulatory statutes with corporate policies
- Experience with regulatory compliance issues such as: FFIEC, OFCC, SEC and Federal Reserve plus: SOX, GLBA and PCI
- Strong/diverse technical background in enterprise networking, firewall, storage options, server infrastructure, operating systems, database technologies and desktop operating systems and security
- Demonstrated expertise in security operations methodology, information security concepts, and security analysis/monitoring
- Develop, maintain and enforce corporate information security policies, standards and guidelines encompassing data and intellectual property security. Formally and informally respond to customer and regulatory requests with regard to information security services, mechanisms and safeguards, including regular communications with regulatory, privacy and legal stakeholders and active participation in internal and external audit activities
- Maintain strong knowledge and understanding of business needs, evidenced by the ability to establish and maintain a high level of trust and confidence
- Support the development of the Information Security strategy by forming relationships with businesses and technology areas to understand their associated risks and issues in order to influence security decision-making
- Actively champion and contribute to the continuous improvement of the Information Security Management (ISM) area.
- Apply best practices using innovative ideas to increase awareness and effectiveness of the Security Management organization. Proactively identify opportunities to expand and enhance knowledge of ISM area.
- Act as an SME for security issues. Represent the organization in industry and standards groups related to security
If you meet the above criteria, please apply to be contacted by an Experis consultant.