MASS requires an experienced Security Architect to join an exciting enterprise infrastructure design team. This is a growing team in the South West which provides consultancy services to a range of public and private sector clients.
The role supports our customers by recommending and applying architecture and security principles and practices to guide the organisation through the business, information, process, and technology changes necessary to achieve the business objectives.
The role is contractually based from Bristol Business Park, but this is a client facing role so the successful candidate must be comfortable with travel to client locations and MASS work sites mostly in the South West.
We are looking for an experienced IT professional with strong operational and design capabilities. You will be working alongside Senior Business and IT Architects on an enterprise information design.
- Have experience of IT operations
- Be able to design with security in mind
- Understand the design of systems to manage levels of risk, manageable business and technical complexity.
- Have a proactive responsibility to deliver secure systems and implement proportionate controls to enable business outcomes.
- Generate products such as sketches, models, an early user guide, and prototypes to keep the user and the engineers constantly up to date and in agreement on the system to be provided as it is evolving.
- Have the ability to speak on behalf of technical teams and facilitate the relationships with direct and indirect stakeholders.
The preferred candidate will have demonstrable experience in IT security. We would be interested to talk to IT Managers who have some design experience and would be interested in growing into a consultancy role.
The successful candidate will be a strong team player with excellent communication skills, and will be required to hold, or be in a position to qualify for, Developed Vetting (DV) Security Clearance.
Mandatory Skill Requirements:
- Understanding of security technologies
- Access control models.
- Public and private encryption.
- Authentication techniques.
- Intrusion detection techniques and how to apply them.
- Common design patterns for mitigating against information risks.
Tools and Methodologies:
At least one of the following recognised IT Security certifications:
- CCP IA Architect
- CISSP, CISM, CISA, ISO 27001.
At least one of the following recognised Risk Assessment or Risk Management certifications or training:
- HMG IS1&2, CRISC, COBIT, ISO27005, Octave
- Demonstrable knowledge of HMG accreditation process, ISO27000 series, NCSC IA portfolio, End User Device security strategy: Security Policy Framework, Gov-UK
- Cyber Security Guidance and controls.
Demonstrate a good understanding of the business relevance of information risks and the current trends and growths in information security.
Demonstrate the ability to explain business principles of secure system designs in terms of business risk.
Subject matter expertise in an element of information risk management, accreditation, governance or compliance.
Hold a Full UK Driving Licence.
Desirable Skill Requirements:
Tools and Methodologies:
- ITIL experience.
- Ability to produce security cases, accreditation evidence artefacts and documentation to support Accreditor approvals.
- Industry recognised qualifications and knowledge of relevant architectural frameworks (TOGAF, MODAF, SABSA and/or DODAF etc.) to support the specific business
- Cyber Essentials Auditor/Technical Assessor.
- Familiarity with: JSP 440 MOD Manual of Security,
- JSP604 Defence Manual for Information and Communications Technologies (ICT).
- General Data Protection Regulation (GDPR)
Business Continuity and Disaster Recovery Planning.
Experience in writing or updating information assurance operating policies and compliance procedures.
Ability to take a rounded view of security issues and make risk judgements across the relevant scope.
MASS is an equal opportunities employer
plus full company benefits