About the Client
Our client is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. It anticipates and manages risk – from natural catastrophes to climate change, from ageing populations to cybercrime. The aim of the our client is to enable society to thrive and progress, creating new opportunities and solutions for its clients.
About the Role
You will be the IT Security Architect for the technology platform within Technology & Operations department. This is a rare opportunity to join a new business unit within an established company; combining the dynamic spirit of a start-up with the backing of strong organisation.
As the IT Security Architect, you will work closely in multi-functional teams to shape a secure technology platform that is not only resilient against cyberthreats but also fulfils our business and product vision and brings value to our customers and distribution partners. In this role, you will hold the title of the Chief Information Security Officer (CISO) with the responsibility to own and implement procedures and controls in IT security.
Work independently to develop architecture solutions, standards, best practices and the governance process that enables the enterprise to develop and implement secure solutions and capabilities that are aligned with our business and technology strategy. This includes designing a security architecture for application development projects, infrastructure solutions projects, as well as evaluating and recommending security software and solutions.
Develop, publish and present appropriate security architecture principles and standards, position papers, best practices, patterns, frameworks, procedures and controls.
Determine baseline security configuration standards for networks, operating systems, web and application stacks.
Develop and maintain security architecture artefacts (e.g., models, templates, standards, and procedures) that can be used to leverage security capabilities in projects and operations.
Develop and maintain a practice of breach of security drills and chaos scenarios in order to feedback issues quickly & proactively into delivery teams
Partner with architects, developers and infrastructure specialists to drive secure-by-design standards and practices, including baseline security configuration standards for networks, operating systems, web, and application stacks.
Collaborate with the group's information security officer to document identified issues and risks, and appropriate remediation plans.
- 7+ years of experience in cybersecurity, information security, information technology, systems architecture, systems engineering
- Must have participated in developing the security technology architecture for multiple projects
- Experience reviewing application code for security vulnerabilities
- Direct, hands-on experience or strong working knowledge of vulnerability management tools and their integration into CI/CD
- Experience with and a strong working knowledge of the methodologies to conduct threat-modelling exercises on new applications and services.
- Strong understanding of cryptography techniques and standards
- Strong working knowledge of IT infrastructure, applications, databases, operating systems, hypervisors, IP networks, storage networks, backup networks, and media
- Hands-on working knowledge of cloud infrastructure and security best practices, such as Amazon Web Services, Microsoft Azure, etc.
- Strong working knowledge of IAM technologies and services such as Active Directory, Lightweight Directory Access Protocol (LDAP) and Amazon Web Service (AWS) IAM
- Direct, hands-on experience or strong working knowledge of managing security infrastructure — e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, and log management technology
- Great team player: you collaborate effectively with team members, express technical leadership supporting your views and ideas while keeping open to different opinions, being fearless and always supplying to the overall growth of the team
- Continuous learner who stays up-to-date with the latest trends and carefully vet with proper pragmatism and long-term vision the adoption of new technologies
- Master’s degree in computer science, engineering or equivalent working experience
- Ability to speak and write English fluently
Nice to Have Skills