Head of Security Engineering & Architecture

Summary

As Head of Security Engineering & Architecture, you will have relevant experience in similar roles, be proficient at managing globally dispersed teams, provide strategic technical direction and be comfortable challenging approaches while driving security efficacy. The ability to communicate effectively and concisely with a range of stakeholders, such as technical experts, architects, external partners and our Director of Information Security, is a must.

You will have a proven track record of building or transforming security engineering functions that have demonstrable value within a large technology function and the wider business. You will be a self-starter and strategic thinker with the ability to lead highly technical teams in a complex environment, and be comfortable ‘thinking outside of the box’. You will be able to continually demonstrate and improve service value to our customers through well-defined KRIs.

You will have a hands-on background, and it is through this expertise that you will build credibility with deeply technical teams. However, your experience in the last 2-3 years will be in leading and setting clear delivery objectives for a security engineering function to achieve meaningful business outcomes at pace.

If you can inspire teams, plan, drive change, have resilience, see the ‘big picture’ and deliver measurable results, this is the role for you!


Responsibilities

Strategy & Leadership

  • A self-starter, always a few steps ahead, who can identify opportunities and gain buy-in for security initiatives.
  • Translate high level information security strategy into actionable, planned delivery for Security engineering.
  • Provide thought leadership that will inspire, challenge and motivate the team.
  • Drive a culture of openness, curiosity, change, accountability and continuous improvement.
  • Define, implement and continually evolve a dedicated scalable Security engineering strategy.
  • Strengthen relationships with senior technology leaders across CIO teams and promote the overall information security agenda.
  • Develop business justification and business cases for new tools, both internally and for clients.
  • Define and manage all aspects of the Security engineering budget (CapEx and OpEx).
  • Set clear priorities aligned to a roadmap to deliver new security capabilities.
  • Define and execute a people strategy to deliver a highly skilled Security engineering and Architecture capability into our business, internally and externally.
  • Provide strong leadership and direction that fosters proactive collaboration across the information security team and wider organisation.
  • Remove single person dependencies and create a strong succession plan across Security engineering.
  • Look for opportunities to promote and continue growing the visibility and value of Security engineering internally and across our client base.
  • Showcase the work of the team to leadership, in technology forums and with clients.
  • Build and maintain relationships across internal and client technology teams.

Operational

  • Be the senior escalation point for the team and unblock technical and non-technical issues.
  • Embed security engineering throughout projects and partner with architecture on prototyping and MVP support.
  • Define, manage and report on engineering workload.
  • Eliminate security engineering support gaps in and out of hours.
  • Develop, maintain and evolve the Security engineering service catalogue.
  • Build an operating model for security engineering that clearly defines the function and how it interfaces across information security, clients and wider tech teams.
  • Be comfortable advising on all aspects of security engineering around Infrastructure, DevSecOps & Applications.
  • Work closely with the Head of GRC to demystify security data and make it reportable (through automation) to the exec, driving better decisions.
  • Work closely with the Head of Security Operations to ensure the operations team gets the support it needs from Security engineering.
  • Be comfortable with private cloud and open-source security technology approaches.
  • Evaluate new and existing technologies and ensure they continue to meet requirements.
  • Build robust, repeatable processes leveraging automation where possible to eliminate single points of failure in people and technology.
  • Drive clear prioritisation, minimise time spent on low value work and reduce complexity.
  • Create status reports, briefing packs on all aspects of security engineering for senior management.
  • Identify areas of improvement and efficiencies in our technical approaches and ways of working.
  • Where appropriate participate in major security incidents helping to support immediate corrective actions from an engineering perspective.
  • Participate in root cause investigations and help offer solutions from a Security engineering perspective.
  • Manage existing vendors to ensure continued value from vendors and technology.
  • Support where necessary technical security reviews and risk assessments to ensure solutions are in place to mitigate risks to the organisation.
  • Ensure that the whole security technology stack looked after by engineering is scalable and underpinned by robust operational processes and practices.


Requirements

  • Deep understanding of core security controls, e.g. Endpoint Detection and Response, WAF, SIEM / SOAR, Identity and Access Management, data security, system hardening, SDLC practices and application security.
  • Solid understanding of operating systems (Windows, Linux and macOS).
  • Solid understanding of OpenStack and Kubernetes on private cloud.
  • Good understanding of DevSecOps and Application Security.
  • Ability to make quick and effective decisions around tactical vs strategic security measures.
  • Provide strategic security input into wider modernisation initiatives.
  • Extend expertise into wider CIO ways of working, project delivery and work with teams to drive strategic change allowing security to be better embedded.
  • Have an engaging, motivating and inclusive approach to management.
  • Develop robust training plans across the team.
  • Forecast and manage proactively all aspects of budgeting requirements.
  • Ability to balance evolving strategic and operational priorities.
  • Challenge technical approaches in a constructive manner to reduce security risk in the most effective manner.
  • Data driven, outcome focused mindset to drive ‘big picture’ results while maintaining operational excellence, continuity and efficacy.
  • Ability to translate industry frameworks such as OWASP, MITRE & CIS into engineering work packages to improve control environment.
  • Comfortable working in a non-regulated environment where you have to flip the script on traditional approaches to security.
  • Able to travel nationally, within EU and internationally.
  • Excellent verbal, presentation, planning and written communication skills.

Qualifications

We value driven individuals, experience and lifelong self-learners over qualifications; however, the following (or other technical security qualifications) would be a plus:

  • CISSP (including concentrations such as ISSAP, ISSEP, ISSMP)
  • BSc Computer Science/ Security
  • MSc Information Security

The above list of duties is not exclusive or exhaustive and the post holder will be required to undertake tasks that are reasonably expected within the scope and grading of the post.