Information Security Architect

The role

• Working as part of the wider Security Architecture Engineering and Resilience team The Information Security Architect is the responsible authority with the requisite knowledge to work across a wide variety of portfolios providing Information & Cyber Security domain expertise and skills to help provide strategic technical direction that can optimise enterprise outcomes.
• This role focuses on the implementation of Information and Cyber Security across multiple portfolios within CC IT space.
• It is a key role in delivering Information & Cyber Security transformation and helping to ensure that the end vision is being delivered in a secure and resilient way while focusing on the overall experience to the users.
• The Information Security Architect will collaborate on the production of the domain architectural runway built to support future current and near-term business security and resiliency needs.
• The Information Security Architect will also lead the firms IoT Security platform in line with its SmartBuilding and aligned activities. It will also maintain the assurance posture for IoT and OT devices making sure that Cyber response and monitoring is achieved with the desired visibility and that the IoT and OT devices are secured according to risk.
• The Information Security Architect will be responsible for architecture security patterns and approaches for firm systems and data deploying best practice by default.
• The Information Security Architect will be the first point of all for all matters of technical guidance around security to other subject matter experts in the business.
• At portfolio level the Information Security Architect provides guidance relating to information and cyber security with regards to business changes changes in underlying technologies emerging standards competitive changes and other factors which may drive the business in directions that are outside the purview of agile portfolios.
• The Information Security Architect will be a gatekeeper of Information Security within the CC Architecture Community of Practice and make sure that all platforms are appropriately designed to mitigate information risk and are secured as appropriate and tested as required.
• Information Security architect will work with the Cloud Security Architect to build on the Cloud Centre of Excellence within the firm making sure that all activities are visible and secure.
• Information Security Architect will represent the security function at governance and control activities within the wider IT and firms aligned functions.

Key Responsibilities

• Maintain a high-level holistic vision of Information Security within enterprise solutions and development initiatives.
• Build contribute and maintain Information Security input to domain level roadmaps by demonstrating how they deliver the firms core business capabilities in a secure manner and align to longer term strategic security and business roadmaps.
• Architect Design Build and Run Security services for the wider IT function including IoT OT and IT (on prem and cloud)
• Understand and communicate strategic Information Security themes and other key business drivers for architecture to solution architects and non-technical stakeholders.
• Contribute an Information and Cyber Security perspective to wider architectural initiatives in the portfolio where applicable.
• Attend and participate in Data Governance Board project proposal reviews for use of data to ensure appropriate security and data use.
• Influence Information & Cyber Security best practices with regards to common modelling design and coding practices working closely with our application development teams and technical leads to ensure security across the portfolio.
• Collect generate and analyse innovative ideas and technologies that are applicable to the enterprise in this domain.
• Address Information Security innovation as part of the future of architecture.
• Synchronise the following across solutions whenever applicable:
  - System data security and quality;
  - Production infrastructure;
  - Solution User experience governance;
  - Scalability performance and other non-functional requirements.
• Participate in Release Planning activities from an Information Security Perspective.
• Work with aligned IT functions to asses security architectural requirements and engagement to fit demand
• Keep in touch with the reality of the day-to-day Information Security architecture work listening to the feedback and issues raised by the domain teams to consider and reflect in the roadmaps. 

Qualifications :

Your experience

Skills:

• Ideally an Information Security professional with both technical design and engineering expertise in a range of technologies as well as comprehensive   knowledge set of Information & Cyber Security frameworks and principles.
• Fully conversant with the Microsoft suite of tools (E5 DFC Sentinel Entra Defender for IoT)
• Should have exposure to Endpoint Data Protection Threat Intelligence and Application Security technologies
• Experience in creating architecture design documents including HLDs and LLDs
• Exposure to data privacy standards and implementations
• Extensive senior stakeholder management skills.
• Able to work on multiple projects simultaneously and manage their time effectively
• Ability to work collaboratively with IT teams legal professionals and other stakeholders to ensure security measures align with business objectives.
• Excellent communicator with strong
•  analytical and problem-solving skills to address security challenges effectively.
• Knowledge of architecture frameworks and methods such as The Open Group Architecture Framework (TOGAF) and the ability to develop and maintain personal architectural knowledge skills and abilities. 

Experience:

In order to perform this role you will have at least 10 years IT experience five years of which must be in an either a senior engineering role or security architecture role working at senior level in a global organisation.

You will have a comprehensive knowledge of all Information Security & Cyber Security domains. Your Architecture or engineering experience must be clearly demonstrable and will have worked as an architect and understand the requirements of architecture frameworks and Information & Cyber Security frameworks such as NIST Cyber Essentials and ISO27001.

• Previous experience of working for a global professional service environment or corporate organisation such as legal/finance/banking.
• Solid understanding of multiple architecture and security tools techniques and frameworks TOGAF SABSA BSIMM NIST ISO 27001 etc.
• Solid understanding of secure development principles for multiple delivery methods Agile Waterfall etc.
• Practical experience of Information Security Risk Management and Threat Management.
• The ability to champion Information Security Architecture principles at an enterprise level.
• Practical experience of working with Prince2 PMP Lean & Agile delivery tools such as Agile Central (or other similar tools e.g. JIRA) is preferable
• Experience of developing IT roadmaps for specific business or technology areas. 
• Experience of working with multiple diverse technologies and processing environments. 
• Adaptability to adapt security architecture plans to a variety of rapidly changing environments.
• Ability to building information and system resilience into every architecture plan or system to meet business requirements.

Written and Verbal Communications:

• Highly developed written and verbal communication skills capable of producing global and sensitive communications to a varied audience at all levels in both Practice Areas and Business Services.
• Excellent verbal and interpersonal communications skills some form of customer-facing interaction or consulting experience is a plus.

Qualifications:

• The ideal candidate will be Certified Information Systems Security Professional (CISSP) or qualified preferably with either Certified Information Security Manager (CISM).

Client Focus

At Clifford Chance we believe in bringing the client - both internal and external - to the centre of everything we do. To do this we need to understand anticipate and fulfill the unique needs and expectations of each client.  We call this Client Focus and to help deliver this core part of our business strategy we want to recruit people who not only excel in their field but who are also client focused.

We are looking for people who:

• can demonstrate a keen interest and enthusiasm to understand their clients priorities.
• are self-starters but also team players ready to help others and contribute to the overall success.
• listen question and deliver; and
• are reliable and responsive who can put the needs of the client first.
• who demonstrate the highest level of ethical behaviour we never compromise on our ethics.

In short we are looking for people who are motivated by client satisfaction and who strive to exceed the expectations of their clients both internally and externally.

Additional Information :

Hybrid Working

This role follows our balanced hybrid working approach and as long as business needs allow you will be supported to work in a hybrid way with the expectation of working from the office for a minimum of 50% of your time.
 

What we offer including our broad range of benefits and working environment

When you join Clifford Chance you will have access to a broad range of benefits to support you across many aspects of your personal and professional life including financial wellbeing lifestyle and family friendly benefits. For more information on what we offer specifically in the UK please visit our What We Offer page on our career site. 
 

Equal Opportunities

At Clifford Chance we understand that our true asset is our people. Inclusion is good for our team and their families our firm and society. 

We are committed to treating all employees and applicants fairly and equally regardless of their gender gender identity and expression marital or civil partnership status race colour national or ethnic origin social or economic background disability religious belief sexual orientation or age.  This applies to recruitment and selection terms and conditions of employment including pay promotion training transfer and every other aspect of employment.

We have a variety of flourishing employee networks. These networks are a place for colleagues to share experiences and advocate for change wherever they see an opportunity for improvement.

Our goal is to deliver an equality of opportunity an equality of aspiration and an equality of experience to everyone who works in our firm.

Find out more about our inclusive culture here

#LI-Hybrid

Remote Work :

No

Employment Type :

Full-time