Job Application

Lead Security and Compliance Architect (SC/DV Cleared)

• Contract until end of July 2024
• Inside IR35
• SC/DV Clearance required
• Remote working with 1-2 days per month either working at the permanent location (Sheffield) or at an additional location with expensed travel.

The Lead Security & Compliance Architect will work towards:

• Leading and evaluating the secure design of major products, services and input to complex solutions, challenging outmoded concepts and driving improvements with innovative, creating precedents and setting direction.
• Working with Delivery Managers and developers: Applying security concepts to a technical level across multiple projects, working with security tools, network security infrastructure. technologies, and information security management frameworks
• : Recommending security controls and identifying solutions that support business objective, working out subtle security needs and understanding the impact of decisions, balancing requirements and deciding between approaches.
• Working with other technical architects: Overseeing the security engagement for projects within the nominated business spheres (Automation Centre) and cooperating with colleagues to find common solutions to similar challenges across all business lines.
• Working with Assurance leads to lead the security assurance and evaluate the outcomes mapped against NCSC CAF and Cloud security principles.
• Applying security concepts to a technical level across multiple projects, working with security tools, network security infrastructure. technologies, and information security management frameworks
• Scope IT Health Checks alongside the business, engaging with suppliers, and managing remediations.
• Providing advice, guidance and recommendations to colleagues and external organisations, in line with relevant legislation and best practice, in order to effectively underpin risk-based judgement making.
• To perform technical risk assessments using consistent processes to quantify, and document, the likelihood and business impact of cyber security risks and to work with project managers, architects and suppliers to identify and assess compensating controls.

Awareness and able to map, assess and evaluate the following to various projects:

• NCSC CAF
• NCSC Principles for the security of Machine Learning
• NCSC Guidance for Secure AI System Development
• NCSC Secure Design Principles
• NCSC Cloud Security Principles

Key Skills/Experience:

• Cloud skills - Azure, AWS, Power Platform and Oracle
• Security Design Review against CAF Frameworks
• Creation of Data Flow Diagrams
• Creating Threat Models
• Understanding NCSC security guidance and architecture patterns.
• Understanding of STRIDE threat modelling.

Knowledge of tools

• Microsoft Visio
• Familiarity of Sparx Enterprise Architect

Other tools to be aware of

• ArchiMate modelling framework
• C4 Modelling for Software Architecture
• Data Flow diagram
• Threat Modelling using STRIDE
• AI Architecture, Text summarisation and model management
• Data Management, Data Science and Analytics
• Experience of a broad range of analytical skills and techniques for drawing insight from data.
• Hands-on Machine Learning/Deep Neural Network technologies. This could be experience with libraries such as Tensorflow, PyTorch, or Scikit-learn.
• Understanding of the theories underpinning statistical and mathematical approaches relating to data driven solutions. For example, this might be machine learning algorithms or methods for assuring correctness.
• Knowledge or experience with AI/ML (eg, relevant courses and/or practical implementation experience) applying security controls to emerging AI/ML applications.